Zoom said that it had "no indication" that any of the millions of people who use its software had ever fallen victim to the software flaw, and said that it would be "readily apparent" if anyone had access to the camera because the video application is created to be the top window on a user's computer screen.
Mr Leitschuh told Medium: "This vulnerability allows any website to forcibly join a user to a Zoom call, with their video camera activated, without the user's permission".
Despite the mishandling of the incident, Zoom's share price has continued to rise throughout the week, sitting at $92.72 a share at the time of writing, up 2% on the day.
In a move that Daring Fireball's John Gruber justifiably describes as "criminal", it seems that Zoom leaves risky pieces of itself behind, in the form of a local web server, even after a user would have every reason to believe they've uninstalled it.
In fact, Farley pointed the finger at Apple as the reason for the background web server, saying that it was built as a "workaround" after Apple made a security change in Safari 12 to improve user privacy, in order to avoid making users click an extra dialog box before joining a meeting.
The update also allows users to manually uninstall Zoom. The update ensures the web server is removed, even if users have uninstalled Zoom or haven't installed Tuesday's update.
"It took Zoom 10 days to confirm the vulnerability", wrote Leitschuh.
Originally published at 4:40 p.m. PT. Updated at 7:20 p.m. with Zoom comment and confirmation.
Zoom developers explained that the local server needs to store information about settings.
However, a malicious website can exploit the web server by sending it a request for a video feed.
"What's unfortunate, invasive and a violation of trust is when the software seems 'uninstalled' but really isn't.
"A very poor decision by the folks at Zoom", he added.