Dear Campus Mac Users:
A vulnerability in the Zoom client for Mac OS X has made the news this week. This specific vulnerability could allow a Zoom user to be tricked into joining a Zoom meeting with the video camera on.
The Information Security Office wishes to clarify that this vulnerability does not allow a remote attacker to turn on your computer's web camera without the user's interaction. It requires the user to open or click on a URL for a Zoom meeting. The concern regarding this vulnerability is that there are many ways to trick a user into opening a Zoom meeting URL.
The Information Security Office recommends that any Mac OS X user running the Zoom client update their Zoom client software. The steps to update the Zoom client are to launch the Zoom application, select the zoom.us drop-down menu, and run "Check for updates." The Zoom client will download the latest version of the Zoom application and install it if you do not have the latest version installed.
Another preventative step for Mac OS X Zoom users is to go to the Zoom client Preferences, select Video settings, and check/select the "Turn off my video when joining a meeting" option.
For any questions on this notice or assistance in updating the Zoom client for Mac OS X, please reach out to the UCR Bear Help team.