Zoom Video Conferencing Vulnerability on Mac Devices

To: UCSC Faculty and Staff

From: Byron Walker, Chief Information Security Officer

I am writing to provide an update regarding a vulnerability with the Zoom Client for Mac devices.

You may have seen in the news recently that a vulnerability in the Mac Zoom Client could allow any malicious website to enable your camera without your permission. Zoom has assured us that the vulnerabilities are low risk and that UCSC Zoom accounts have not been exploited. 

As of late yesterday, Zoom has fixed the security flaw with an emergency patch. ITS is actively installing the updated Zoom client on relevant managed systems to patch the vulnerabilities. As part of this installation, the camera will be off by default when joining new Zoom meetings. Users may enable the camera as needed.

ITS recommends these best practices for using Zoom video conferencing: 

  1. Update the Zoom Client on non-managed computers.

  2. Turn camera off by default when joining a Zoom meeting.

  3. When not using your camera, always use a webcam sticker on your computer and mobile devices (even your smartphone!). Visit the ITS Support Center in Kerr 54 to pick up free webcam stickers.    

Visit the Zoom blog for additional details: https://blog.zoom.us/wordpress/2019/07/08/response-to-video-on-concern/

For questions, please submit an IT Request ticket at http://itrequest.ucsc.edu, or contact the ITS Support Center by email help@ucsc.edu, telephone 459-HELP(4357), or in-person Kerr Hall Room 54.