Earlier this week, two vulnerabilities in the Zoom application for Mac devices were disclosed by a security researcher. These vulnerabilities include the use of a local host web server on Mac devices to operate Zoom, and the way in which video is enabled for Zoom meetings.
On 9 July, Zoom released an initial patch that allows Mac devices to operate Zoom without the use of a local host web server. The second patch, regarding potential misconfiguration of video settings, will be released over the weekend (13-14 July).
We recommend reading the blog Zoom issued addressing these vulnerabilities, what steps they are taking, and what you may need to do.
From a data security perspective, Engineering & IT views these vulnerabilities as moderate rather than extreme. Despite the relatively low risk, Zoom took swift action to address these concerns and has been in contact with us throughout the process. We will remain in close contact with Zoom to ensure safe and secure service continues. I remain confident that Zoom is the right provider for our web conferencing needs.
If you have any questions or concerns related to Zoom, please let us know.