
DetlefK

(16,471 posts)
Tue Jul 9, 2019, 01:05 PM

Massive vulnerability to hackers has been found in "Zoom"-app.

https://lifehacker.com/remove-zoom-from-your-mac-right-now-1836209383

The Zoom video conferencing app contains two big security issues for Mac users. First, uninstalling the app the regular way doesn’t actually remove it from your system; instead, by installing Zoom, you’ve actually installed a persistent web server on your system that can be used to reinstall the app without your permission.

Why is that a problem? Because an attacker can then send you an invite link to a meeting—embedded in a website, or even an email—which launches Zoom (even if you “removed” it). This joins you into a conference call and, by default, your webcam is on, which could create some awkward moments depending on what you’re up to.

There are two primary fixes for this problem, which security researcher Jonathan Leitschuh outlined in his recent public disclosure of Zoom’s vulnerabilities. At minimum, you’ll want to go into Zoom’s video settings and enable this setting: “Turn off my video when joining a meeting.”

...

The bigger solution, if you ask me, is to uninstall Zoom completely—which means removing that persistent web server it has dropped on your system. To do so, you’ll need to open up your Mac’s Terminal and run two commands:

CloudWatcher

(1,927 posts)
1. Article is good, but ....
Tue Jul 9, 2019, 02:29 PM

Thanks for posting! But ... I'm not completely happy with this article. It says to:

rm -rf ~/.zoomus
touch ~/.zoomus

But that's a little weird. It basically deletes the directory .zoomus and its contents, and then makes an empty file (not a directory) with the same name so that the malware will fail when it attempts to re-install (because the file with the same name keeps the directory from being created). But it doesn't stop the malware from running on your machine and trying to reinstall Zoom. Nor does it say how the garbage in ~/.zoomus/ is launched.

And something has to start it up. Stuff in ~/.zoomus is not going to be launched without some other hooks already running on your machine.

To find automatically launched code, you normally first review all the contents of the LaunchAgents and LaunchDaemons directories (all of them ... in ~/Library, /Library and /System/Library). But this is a chore and isn't trivial for programmers, let alone non-programmers.

And stuff can also be launched via the "Login Items" list that's visible (and editable) using the "Users and Groups" panel in the "System Preferences" application.

A few minutes of google searches turned up this list of files to delete to remove Zoom ....

/Applications/zoom.us.app
~/Desktop/Zoom
~/Library/Application Support/zoom.us
~/Library/Caches/us.zoom.xos
~/Library/Internet Plug-Ins/ZoomUsPlugIn.plugin
~/Library/Logs/zoom.us
~/Library/Logs/zoominstall.log
~/Library/Preferences/ZoomChat.plist
~/Library/Preferences/us.zoom.xos.plist
~/Library/Saved Application State/us.zoom.xos.savedState

And this tidbit:

pkill ZoomOpener;
osascript -e 'tell application "System Events" to delete login item "ZoomOpener"';
rm -r ~/.zoomus

That second line is the ahah. This thing is able to keep trying to reinstall because it's in the "Login Items" for your login. So every time you log back into your Mac it runs ZoomOpener and tries to reinstall into ~/.zoomus/. (TBD exactly where ZoomOpener lives. I was tempted to install Zoom just to find out, but then sanity returned.)

So bottom line, delete the app, delete the .zoomus directory and delete the Login Item that tries to reinstall it. And delete the browser plugin as well (~/Library/Internet Plug-Ins/ZoomUsPlugIn.plugin). Oh and avoid Zoom like the malware that it is.

ref: https://apple.stackexchange.com/questions/358651/unable-to-completely-uninstall-zoom-meeting-app
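
Added example, not part of either post above: a read-only shell check that reports which of the leftovers named in this thread are present, without deleting anything. The function name `zoom_audit`, its `ROOT` argument (a prefix so the check can run against a test tree) and the file-name match on launchd jobs are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): read-only audit, deletes nothing.
# zoom_audit HOME_DIR [ROOT] -- function name and arguments are hypothetical;
# ROOT is a prefix for the system paths so the check can run on a test tree.
zoom_audit() {
    home=${1:-$HOME}
    root=${2:-}

    # ~/.zoomus as a directory is the helper's install location; as a plain
    # file it is the "touch" blocker from the article.
    if [ -d "$home/.zoomus" ]; then
        echo "DIR    $home/.zoomus"
    elif [ -e "$home/.zoomus" ]; then
        echo "BLOCK  $home/.zoomus"
    fi

    # Paths listed in the reply, one per line because some contain spaces.
    while IFS= read -r p; do
        if [ -e "$p" ]; then echo "FILE   $p"; fi
    done <<EOF
$root/Applications/zoom.us.app
$home/Desktop/Zoom
$home/Library/Application Support/zoom.us
$home/Library/Caches/us.zoom.xos
$home/Library/Internet Plug-Ins/ZoomUsPlugIn.plugin
$home/Library/Logs/zoom.us
$home/Library/Logs/zoominstall.log
$home/Library/Preferences/ZoomChat.plist
$home/Library/Preferences/us.zoom.xos.plist
$home/Library/Saved Application State/us.zoom.xos.savedState
EOF

    # launchd job files whose name mentions zoom (a name match is a heuristic).
    for base in "$home/Library" "$root/Library" "$root/System/Library"; do
        for f in "$base"/LaunchAgents/* "$base"/LaunchDaemons/*; do
            case ${f##*/} in
                *[Zz][Oo][Oo][Mm]*) if [ -f "$f" ]; then echo "LAUNCH $f"; fi ;;
            esac
        done
    done

    # Login Items, only on a live macOS system (no ROOT given).
    if [ -z "$root" ] && command -v osascript >/dev/null 2>&1; then
        if osascript -e 'tell application "System Events" to get the name of every login item' 2>/dev/null | grep -qi 'ZoomOpener'; then
            echo "LOGIN  ZoomOpener"
        fi
    fi
}
```

Called with no arguments in Terminal, it audits the current user's account; no output means none of these items were found.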
