[Hidden-tech] Major security flaw in Zoom

Elijah Gwynn eli at egwynn.com
Thu Jul 11 13:21:36 UTC 2019


Amazingly Apple *also* released a fix — silently — which disables 
the Zoom web server even on Macs that haven't installed the Zoom patch.

https://techcrunch.com/2019/07/10/apple-silent-update-zoom-app/

Eli

On 11 Jul 2019, at 0:42, Val Nelson via Hidden-discuss wrote:

> The update alert showed up when I went in today and the switch was 
> easy and it works great.
>
> ~Val
>
> ..........................................
>
> https://ValNelson.com
>
> (Sent from phone. Please pardon brevity or typos. Thanks.)
>
> On Jul 10, 2019, at 5:30 PM, Michael Klatsky via Hidden-discuss 
> <hidden-discuss at lists.hidden-tech.net> wrote:
>
> Zach -
>
> Thanks for sending that along.
>
> For those who need to use Zoom- an update has been released:
>
> https://blog.zoom.us/wordpress/2019/07/08/response-to-video-on-concern/
>
>
>
> ---
> Sincerely,
>
> Michael Klatsky
> Devops and Technical Services
> MapuTech
>
>
>> On July 10, 2019 at 1:57:01 PM, PeopleFirst Tech via Hidden-discuss 
>> (hidden-discuss at lists.hidden-tech.net) wrote:
>>
>> Have you used the popular Zoom platform for videoconferencing or 
>> screen sharing? We primarily don't, but recent security flaws 
>> uncovered on Zoom lead us to suggest that you uninstall it 
>> (instructions courtesy of BuzzFeed).
>>
>> Further reading: 
>> https://medium.com/bugbountywriteup/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5
>>
>> What to Do About It
>>
>> Go to Zoom settings > Video, and under Meetings, enable “Turn off 
>> my video when joining a meeting.”
>>
>> OR
>>
>> Get rid of the Zoom desktop app entirely. If you want to get ahead of 
>> Zoom’s patch, which the company said will be released by midnight 
>> tonight, first you need to shut down the web server. Open the 
>> application called Terminal. Copy and paste this text: lsof -i 
>> :19421. Press enter. You’ll get a string of mumbo jumbo. Underneath 
>> the text “PID,” copy the string of numbers. Then type “kill 
>> -9” (without the quotes), add a space after -9, and paste the PID 
>> string of numbers. Press enter. The server has been killed.
>>
>> Drag the Zoom app, along with a folder titled “.zoomus,” to the 
>> trash can. Then hover over the trash can, and press CONTROL and click 
>> your mouse simultaneously. Empty the trash can. Boom.
>>
>>
>> — — —
>> Zach Fried
>> PeopleFirst Tech Consulting
>> Human-Focused Solutions
>> zach at peoplefirst.tech
>>
>> By Appointment:
>> 409 Main Street, Suite 214
>> Amherst, MA 01002
>> (413) 461-0617
>> _______________________________________________
>> Hidden-discuss mailing list - home page: http://www.hidden-tech.net
>> Hidden-discuss at lists.hidden-tech.net
>>
>> You are receiving this because you are on the Hidden-Tech Discussion 
>> list.
>> If you would like to change your list preferences, Go to the Members
>> page on the Hidden Tech Web site.
>> http://www.hidden-tech.net/members
>
> _______________________________________________
> Hidden-discuss mailing list - home page: http://www.hidden-tech.net
> Hidden-discuss at lists.hidden-tech.net
>
> You are receiving this because you are on the Hidden-Tech Discussion 
> list.
> If you would like to change your list preferences, Go to the Members
> page on the Hidden Tech Web site.
> http://www.hidden-tech.net/members


> _______________________________________________
> Hidden-discuss mailing list - home page: http://www.hidden-tech.net
> Hidden-discuss at lists.hidden-tech.net
>
> You are receiving this because you are on the Hidden-Tech Discussion 
> list.
> If you would like to change your list preferences, Go to the Members
> page on the Hidden Tech Web site.
> http://www.hidden-tech.net/members
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.hidden-tech.net/pipermail/hidden-discuss/attachments/20190711/18d7c048/attachment.html>


Google

More information about the Hidden-discuss mailing list