Zoom is a popular video conferencing suite which is used by a number of shops because it provides a consistent cross-platform experience. Recently, it was discovered that Zoom was setting up a local webserver process. This capability enabled Zoom’s client to be launched in response to clicking a URL, but it also potentially allowed someone to be forcibly connected to a Zoom call with their video camera active. This issue has been assigned the following CVE identifier:
CVE-2019-13450: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13450
Once this vulnerability was widely publicized, Zoom responded with an updated version of their Zoom client for macOS which removes the local webserver and also allows users to manually uninstall the Zoom client. They also provided the following manual remediation instructions:
I’ve taken those commands and used them to build a script to address the vulnerabilities described in CVE-2019-13450. For more details, please see below the jump.
The script is available below and on my GitHub repo:
https://github.com/rtrouton/rtrouton_scripts/tree/master/rtrouton_scripts/fix_zoom_vulnerability
This script is also available as a payload-free package on my GitHub repo, available for download from the payload_free_package directory available from the link above.