User question: A flaw in Zoom's Mac app may have let attackers hijack webcams

Question:
A serious security flaw in the Mac version of conferencing software Zoom can be used to hijack webcams, and also leaves users vulnerable to phishing and DOS attacks.

The flaw takes advantage of Zoom's click-to-join feature. The exploit can force users to join a conference with their webcams enabled, without their permission, if they click a special link in their browser.

The security issue occurs because Zoom installs a local web server that runs in the background on Macs. But this web server has poor security, and any website that a user visits can interact with it and make changes to users' machines. Worryingly, even if a user uninstalls Zoom, the web server remains active and can be used to reinstall the Zoom client when a user visits a webpage.

Security researcher Jonathan Leitschuh, who discovered and reported the vulnerability, warned that this could be used for two types of attacks: users could be lured into meetings with their cameras turned on, in order to gather information for phishing attacks, or users' machines could be the target of Denial of Service (DOS) attacks by sending repeated junk requests to the local server.

Traditionally, desktop and web applications are sandboxed to prevent this kind of cross-communication. When Zoom was made aware of the security issue, it released a quick fix which saved users' settings for whether video is enabled when they join a call, so users can at least have their cameras off by default. However, the fix did not address the underlying issue of the insecure local web server.

The company defended its decision in a blog post, saying that without the use of the web server, users would have to click to confirm they wanted to start the Zoom client before joining a meeting. "The local web server enables users to avoid this extra click before joining every meeting. We feel that this is a legitimate solution to a poor user experience problem, enabling our users to have faster, one-click-to-join meetings." It also noted that it has no indication that the exploit has ever been used, and even if it were to be used, users would see they had unintentionally joined a meeting and could leave immediately.

Whether the convenience of not having to click one extra button is worth the huge security issue created by the insecure web server is not a topic Zoom is keen to debate. In a statement to Gizmodo, the company said "one-click-to-join meetings" were its "key product differentiator" and it has not announced any plans to address the insecure web server issue.

Via: Gizmodo
Source: Jonathan Leitschuh
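As an added illustration (not code from the article, Zoom, or the researcher), the sketch below shows checks a localhost helper service can apply before acting on a browser request, so that an arbitrary visited website cannot drive it. The allowlisted origin, the port and all function names are hypothetical.

```python
# Added example: request gate for a hypothetical localhost helper service.
# The allowlist, port and policy below are assumptions for illustration.
from urllib.parse import urlsplit

ALLOWED_ORIGINS = {"https://meetings.example.com"}      # hypothetical first-party origin
ALLOWED_HOSTS = {"127.0.0.1:48123", "localhost:48123"}  # hypothetical loopback port
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def normalize_origin(value):
    """Return scheme://host[:port] in lowercase, or None if unusable."""
    if not value or value == "null":
        return None
    parts = urlsplit(value)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc}".lower()


def check_action_request(method, headers):
    """Gate for endpoints with side effects (join, launch, install).

    Returns (allowed, reason).
    """
    h = {k.lower(): v for k, v in headers.items()}
    # 1. Host must be the loopback name the service bound to; a request that
    #    arrives under any other name points to DNS rebinding.
    if h.get("host", "").lower() not in ALLOWED_HOSTS:
        return False, "unexpected Host header"
    # 2. Side effects must not hang off safe methods: any page can trigger a
    #    cross-site GET with an <img> or <iframe> tag.
    if method.upper() in SAFE_METHODS:
        return False, "state change requested with a safe method"
    # 3. Browsers send Origin on cross-site POSTs; fall back to Referer and
    #    reject when neither names an allowlisted origin.
    origin = normalize_origin(h.get("origin") or h.get("referer"))
    if origin not in ALLOWED_ORIGINS:
        return False, "origin not allowlisted"
    return True, "ok"
```

These checks restrict which pages can call the helper; they do not replace a user confirmation before the camera is turned on.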