As you may have heard, another significant zero day vulnerability was announced today.  In this case, it is related to Apple Mac users who have installed the Zoom conferencing application.  In addition, because RingCentral is built upon Zoom, its users are also vulnerable, and should follow the same steps shown below.

In a nutshell, it has been discovered that websites can be configured to turn on the webcam in the Mac without the user’s permission or awareness.  It is also possible for remotely controlled execution of code to be enabled.  In addition, there is a background process running that will re-install Zoom if you remove it.

For details about the Zoom vulnerability, read more.

As a remedy, we suggest that you remove the Zoom software from your machine immediately. If you wish to use Zoom in the future (or other conferencing applications), simply use the web-based client: there is little need to install the native application. Zoom states that it will be publishing an update tonight or tomorrow, but to be safe we believe it is prudent to uninstall the software, remove all folders associated with Zoom, and make sure that no Zoom processes are running.  For those of you unsure of how to check running processes, Zoom states that it will have an updated uninstaller program by the weekend that should fully remove all elements.

If you leave the program installed, the Zoom updates will likely present you with the option to install the updates.  You can agree to this, but it’s not yet known how effective their updates will be.  Many users place a piece of black tape or other camera cover over the lens of their cameras: that is another option.  The only way to be 100% sure you are not vulnerable today is to shut the machine down and leave it down until the updates have been tested and verified.  We don’t believe that many will find that acceptable, so we are offering the options above as ways to deal with this situation.

If you have any questions, please feel free to contact our help desk at 877-895-2525 for further assistance.

PS: This should be done for all Mac systems (personal or work).  Feel free to share this information with others you know that use Apple Mac systems.