As someone who used @zoom_us on a Mac, I'm troubled by this. It seems that:
1. There's no SDLC in place to stop code like this from getting into prod
2. They don't take vulnerability reporting seriously
Looking forward to Zoom's account of what happened. https://medium.com/@jonathan.leitschuh/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5 …
-
You're probably running a very old version of Zoom then. As far as I'm aware, Zoom's auto-update functionality is nonexistent.
-
OK, there must have been something wrong with the first time I attempted to reproduce this last night. At that time there was no listener on 19421 either, so perhaps it fell back to protocol URI? However, this time worked as described. I don't see why the listener is necessary. pic.twitter.com/vCZ1c7KMFy