July 10 2019: Zoom Security Vulnerability for Macs

UPDATE July 11: Apple is pushing out a silent update which will remove the vulnerable component. "Apple said the update does not require any user interaction and is deployed automatically."

A recent Zoom vulnerability was announced for the Mac client. It allows any web site to turn on your camera without your knowledge.

Here is the current process to mitigate the problem:

  • If Zoom app is currently installed, and you are not going to use it in the future, then open the zoom app, and select 'Check for Updates…' from the zoom.us menu.
    • After zoom finishes updating to Version 4.4.53932.0709 or newer, then you may select 'Uninstall Zoom' from the zoom.us menu.
    • This will uninstall zoom, remove the zoom web browser if it is present, and remove the .zoomus directory from your home directly.
    • If you need to use zoom in the future, you can download the Zoom Installer Version 4.4.53932.0709 or newer to reinstall the app.
  • If you want to continue to use Zoom, download the new Zoom Installer, Version 4.4.53932.0709 or newer.
    • Run the Installer. Then Choose Uninstall from the Zoom menu. This will remove the new version as well as all of the old pieces.
    • Then run the installer again. This will give you a clean install of the new version..
    • The new installer doesn't add the web server, or the ~/.zoomus folder.

Note that you have to upgrade to the newest version so that it updates itself well enough to delete itself entirely when you ask to uninstall.

Please contact us if you have questions.