
Zoom for Mac patches sneaky “spy-on-me” bug – update now!
2022-10-18 18:01

When camera mode rendering context is enabled as part of the Zoom App Layers API by running certain Zoom Apps, a local debugging port is opened by the Zoom client.

A "debugging port" typically refers to a listening network connection, usually a TCP socket, that handles debugging requests.

In the same way that an email server usually listens on TCP port 25, waiting for remote email clients to "call in" over the network and request permission to deliver incoming messages, debugging ports listen on a port of their own choosing for incoming connections that want to issue debug commands.

Many software products are deliberately built in two different flavours: a debug build, where debugging can be turned on if desired, and a release build in which the debugging features are omitted altogether so they can't be activated at all, whether by accident or by design.

Because software commands issued via a debugging port typically operate independently of an app's regular user interface, you probably wouldn't see any giveaway signs that your Zoom session had been hijacked this way.

Update your macOS Zoom Client to version 5.12.0 or later, and the debugging port will stay closed when you use Zoom.
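One way to check a Mac for the condition described above, as an added example that is not from the original article or from Zoom: it filters `lsof` output for TCP listeners owned by the Zoom client and compares an installed version against 5.12.0. The process-name prefix `zoom`, the function names and the sample `lsof` output (including its port number) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit for TCP listeners owned by the Zoom client.
FIXED_VERSION="5.12.0"   # fixed version named in the text above

# Reads `lsof -nP -iTCP -sTCP:LISTEN` output on stdin and prints
# "command pid address" for each listening socket whose command name
# starts with "zoom" (assumption about the client's process name).
zoom_listeners() {
    awk 'NR > 1 && tolower($1) ~ /^zoom/ && $NF == "(LISTEN)" {
             print $1, $2, $(NF-1)
         }'
}

# Succeeds (exit 0) when dotted version $1 is older than dotted version $2.
# Pass only the x.y.z part of the version string shown by the client.
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" |
         sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)" = "$1" ]
}

# Constructed sample of lsof output so the script runs offline.
sample_lsof() {
cat <<'EOF'
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
rapportd  412 alice   8u  IPv4 0xa1        0t0  TCP *:49152 (LISTEN)
zoom.us  1733 alice  42u  IPv4 0xb2        0t0  TCP 127.0.0.1:54321 (LISTEN)
zoom.us  1733 alice  51u  IPv4 0xc3        0t0  TCP 192.168.1.20:50111->203.0.113.7:443 (ESTABLISHED)
EOF
}

if [ "${1:-}" = "--live" ]; then
    # Real check on the local machine.
    lsof -nP -iTCP -sTCP:LISTEN | zoom_listeners
else
    # Offline demonstration on the constructed sample.
    sample_lsof | zoom_listeners
fi

# Example version check with a constructed "installed" version.
if version_lt "5.11.9" "$FIXED_VERSION"; then
    echo "5.11.9 is older than $FIXED_VERSION: update needed"
fi
```

Run it with `--live` during a Zoom session to inspect the real machine. A listener reported for the Zoom process is a prompt to check the installed version, not proof of compromise.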


News URL

https://nakedsecurity.sophos.com/2022/10/18/zoom-for-mac-patches-sneaky-spy-on-me-bug-update-now/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Zoom 52 4 50 57 9 120