This vulnerability allows any website to forcibly join a user to a Zoom call, with their video camera activated, without the user’s permission. Here is, basically, what Leitschuh uncovered: In a Medium post, Leitschuh said he initially disclosed the vulnerability to Zoom on March 26, 2019, but the company still failed to resolve it beyond an initial fix he’d first suggested. On Monday, security researcher Jonathan Leitschuh publicly disclosed a vulnerability in the video-conferencing program Zoom that apparently would allow someone to turn on your Mac’s webcam and force you to join a Zoom call without your permission. If you have a Mac and you have ever used Zoom video conferencing, you might have a problem - though as of Thursday both Zoom and Apple say they’re fixing it.
