As someone who used @zoom_us on a Mac, I'm troubled by this. It seems that:
1. There's no SDLC in place to stop code like this from getting into prod
2. They don't take vulnerability reporting seriously
Looking forward to Zoom's account of what happened. https://medium.com/@jonathan.leitschuh/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5
-
And to be clear, the only reason it's prompting me is because I've never before successfully run Zoom to join a meeting in this VM. Otherwise, the prompts for user name, microphone permission, and camera would not be displayed, and http://zoom.us (obviously) joins a mtg pic.twitter.com/3TMiB5V2aX