Intro

Hello everyone! I am posting this new topic since it's really a big issue and can become worst if we are not aware of it.
I truly think it's really important nowadays to feel safe in your real life and even on your digital world as well.

Privacy is a major issue and even if you think it will never happen to you, you're probably mistaken. This new breach was just found out and just happen to me and I had it in my machine. I could have suffered far worst consequences if I didn't address this issue right away.

Now I want to help anyone that has the same concerns or just want to know if this problem can have consequences for them as well.

Let's check if your Mac is infected and help you out clean and fix it— if that is the case.

Everyone knows that MacOS and Linux are the safest OS but recently there was a breach discovered on the zoom client for macs that can impact and affect 4+ Million Webcams and yours can be one of them!

***


This post wants to try to help you find out if your mac is infected and how to fix it in a few simple steps.

---

⚠️**Important note:** Even if you uninstall the app this will still be running on the background of your computer. So always double check in the terminal.

---

How to quickly know if you are infected and you have to follow the rest of the steps to shut down and patch it.

1. Go to the terminal on your Mac
2. Type the following code: lsof -i :19421
3. If it shows you information after hit enter from zoom server and PID number you are in danger and should follow the rest of the tutorial below to get ready of it. If nothing shows up you are ok and don't need to do anything else.

***

Steps to Follow:

1- First of all, if you are still using zoom in your Mac, launch it and disable on the settings the ability for the app to turn on your webcam when joining a meeting.

Alternatively, use this terminal command.

# For just your local account
defaults write ~/Library/Preferences/us.zoom.config.plist ZDisableVideo 1

# For all users on the machine
sudo defaults write /Library/Preferences/us.zoom.config.plist ZDisableVideo 1

2- Shut down and prevent the server from being restored after updates.

To shut down the web server, run lsof -i :19421 to get the PID of the process, then do kill -9 [process number]. Then you can delete the ~/.zoomus directory to remove the web server application files.

# To prevent the vulnerable server from running on your machine
# (this does not impact Zoom functionality), run these two lines in your Terminal.

pkill "ZoomOpener"; rm -rf ~/.zoomus; touch ~/.zoomus && chmod 000 ~/.zoomus;

pkill "RingCentralOpener";  rm -rf ~/.ringcentralopener; touch ~/.ringcentralopener && chmod 000 ~/.ringcentralopener;

# (You may need to run these lines for each user on your machine.)

If you want a full description of how to resolve this on Windows and Mac see the Gist below.
Zoom Zero Day full report and patch information

***

Latest Update from Apple regarding this problem:

Apple on Wednesday July 10, 2019 pushed out an automatic update for Mac users that removes a localhost server created by video conferencing app Zoom, protecting users against the threat of unwanted webcam access.

This update is recommended for anyone that has the latest macOS. For anyone that can't do it or are in an older version of macOS you should follow the steps and remove the server manually.

***

Sources and more information regarding this topic:


Zoom Zero Day: 4+ Million Webcams & maybe an RCE? Just get them to visit your website! by Jonathan Leitschuh


Apple removes Zoom web server in stealth Mac update

---

Disclaimer: Perform and follow these steps at your own risk, otherwise seek the help of someone that is already familiarised on how to work with the Mac Terminal.

---

°º¤ø,¸¸,ø¤º°°º¤ø,¸,ø¤°º¤ø,¸¸,ø¤º°°º¤ø,¸

If you enjoyed this post, please ⬆️ upvote it and reestem to help others find it. Also if you have any question or just want to share your thoughts leave your comment below!

°º¤ø,¸¸,ø¤º°`°º¤ø,¸,ø¤°

Have a great week free from bugs or virus!