Security researcher Jonathan Leitschuh found a zero-day vulnerability in the Zoom video calling application for Mac computers. Malicious sites can add macOS users to video conferences without their knowledge.
This is possible because Zoom installs a local server on macOS. The server keeps running even after the application is uninstalled and can reinstall it without the user's permission.
Zoom developers explained that the local server is needed to store information about settings. After updates to the Safari browser, users had to re-configure the application each time Zoom was launched. Chromium and Mozilla also discovered the vulnerability, but did not find a way to close it.
Company representatives have promised to release an update that fixes the error this month.
In older versions of Zoom, Leitschuh discovered a vulnerability to DDoS attacks.
UPD: Zoom released an update …