Zoom users, update NOW: Company behind video conference app releases patch to correct flaw that could let hackers take over your Mac camera and join calls without permission

The company behind a video-conferencing app found to have a worrying security flaw has backtracked on its initial decision not to put out a full fix, and now says a patch will be released tonight.

Security researcher Jonathan Leitschuh revealed this week that Zoom, an app most notable for its click-to-join feature, contains a ‘serious zero-day vulnerability’ that could let hackers take over the camera on your Mac.

And uninstalling the app alone won’t fix the problem.

On Tuesday, Zoom said tonight’s update will remove the local web server to secure the system and do away with the use of these servers moving forward. It will also make it easier for users to uninstall the program altogether.

In a blog post, Mr Leitschuh said that Zoom’s design makes it possible for websites to add you to a call, activating your webcam without permission.

This vulnerability comes from the Zoom feature which allows you to send anyone a meeting link; when they open that link in their browser, their Zoom client opens automatically on their local machine.

The researcher says he contacted Zoom on March 26, giving the company a public disclosure deadline of 90 days.

He demonstrated that any website can open up a video-enabled call on a Mac with the Zoom app installed.

That’s possible in part because the Zoom app apparently installs a web server on Macs that accepts requests regular browsers wouldn’t, the post said.

According to the Verge, uninstalling the Zoom app from your Mac isn’t enough to fix the problem, either.

If you uninstall Zoom, that web server persists and can reinstall Zoom without your guidance.

The publication confirmed that the vulnerability works: if you have previously installed the Zoom app, clicking a link will automatically join you to a conference call with your camera on.