If you’ve ever downloaded the Zoom app to participate in a video conference, your Mac may be at risk—even if you’ve already deleted it. In a Medium post, security researcher Jonathan Leitschuh discovered a serious flaw that could allow a website to access your Mac’s camera without your knowledge or permission.
As Leitschuh explains, the vulnerability stems from Zoom’s quest for simplicity. As the service works, you can just send anyone a Zoom meeting link which will in turn automatically open the Zoom client installed on their machine. In case you’ve deleted the app, Zoom keeps a localhost web server running silently on your Mac, Leitschuh said, so the Zoom client will reinstall when a link is clicked without requiring any user interaction on your behalf besides visiting a webpage.