Scary news this week for IT Managers and Zoom users everywhere. More than 4 million Zoom users on Macs are at risk of having their webcams hijacked.
Zoom, who offer various web conferencing and webinar products disclosed publicly this week that they have a major security vulnerability for Mac users. This also applies to white labeled products like RingCentral. The vulnerability allows any website to activate a Zoom user's camera through a forced Zoom call without their permission.
This also applies to any user who may have downloaded the Zoom client and then uninstalled it. The localhost server will still exist on the user's machine allowing attackers to send malicious call invites which will reinstall the app without the user's explicit permission. You can view more detail and a timeline of the issue here.
So what should you do about it?
Zoom has just pushed an update live that they promised later this evening. We recommend that all Enterprise Zoom clients force the latest Zoom update centrally through your Mac Device Management app, or request that all employees install the latest Zoom version tomorrow, Wednesday July 10th. We pushed this out to the Intello team via Fleetsmith earlier today.
There will be another update scheduled for July 12th that removes the camera "default on" function. You'll need to push or recommend this additional update over the weekend.
And definitely keep an eye out for more detail on what the patch includes and how it'll solve the issue. Some of our favorite resources are Medium and the MacAdmins slack channel. The Zoom blog will likely be the most up to date on technical specifications. We also communicate this information and alerts to our clients when a vendor they use experiences a breach or security vulnerability. In this case, Intello's algorithms recognize that a company has Zoom in use amongst their employees and/or they have spend associated with Zoom licenses.
As always, Intello is here to help with SaaS Ops however we can. And if you're curious to know who at your organization may be using Zoom, you can sign up for a free 14-day trial now and get instant access. Intello helps IT Managers see all of the SaaS in use at their company, whether it's sanctioned or not. The platform often reveals 40-70% more SaaS apps in use than they had previously thought. From there you can manage licenses, spend and renewals, security, and compliance.
To learn more about how IT leaders are exposing shadow IT with Intello, check out our latest case study featuring Instacart.
And don't worry. No puppies were harmed or unfairly treated in the making of this blog. She was fed a generous amount of treats to get the shot just right and she's not upset about it.