Daily Buzz: A Conferencing Tool’s Big Vulnerability

A vulnerability in the widely used Zoom allows websites to access cameras on Macs, but uninstalling the software won’t solve the problem. Also: customer-service traits that improve the member experience.

If your association relies on Zoom videoconferencing and uses Macs, a word of warning: Security researcher Jonathan Leitschuh has disclosed a vulnerability in the Mac Zoom Client, namely that it allows any malicious website to enable your camera without your permission.

“This vulnerability allows any website to forcibly join a user to a Zoom call, with their video camera activated, without the user’s permission,” Leitschuh says.

But uninstalling the software doesn’t remedy the issue, writes Dieter Bohn on The Verge. “You can ‘patch’ the camera issue yourself by ensuring the Mac app is up to date and also disabling the setting that allows Zoom to turn your camera on when joining a meeting,” he says. “Again, simply uninstalling Zoom won’t fix this problem, as that web server persists on your Mac.”

Leitschuh says he disclosed the issue to Zoom in March, but the company made no moves to fix the problem. In a statement to The Verge, Zoom said it developed the local web server to save users additional clicks after Apple updated Safari in a way that requires users to confirm if they want to launch Zoom each time they click a meeting link. The company defended the decision, saying it was a “legitimate solution to a poor user experience, enabling our users to have seamless, one-click-to-join meetings, which is our key product differentiator.”

However, after widespread backlash on Tuesday, the company had something of an about-face, releasing an emergency patch that could remove the web server entirely.

“We also recognize and respect the view of others that say they don’t want to have an extra process installed on their local machine,” the company’s chief information security officer, Richard Farley, told The Verge Tuesday evening. “So that’s why we made the decision to remove that component—despite the fact that it’s going to require an extra click from Safari.”

Skills That Boost the Member Experience

If member relations often feels like customer service, that’s because it can be. Associations, like many other industries, are in the people business, says Callie Walker on the MemberClicks blog. That’s why honing traits traditionally associated with customer-service roles can go a long way for members.

Walker pinpoints adaptability, empathy, strong communication skills, and authenticity as among the biggest characteristics to practice.

Other Links of Note

Using vacation to cure burnout? It won’t work, says Sarah Todd on Quartz at Work.

Meeting planners should leverage Instagram for more than posting pictures. BizBash offers seven ways they can promote their work on the app.

A well-managed nonprofit team exemplifies each member’s talents. The Wild Apricot blog shares how leaders cultivate that dynamic.

(eugenekeebler/iStock/Getty Images Plus)

Jeff Hsin

By Jeff Hsin


Got an article tip for us? Contact us and let us know!