Flaw in Zoom app could allow Mac webcams to be hacked

Jonathan Leitschuh, a US-based security researcher on Monday had publicly disclosed a major zero-day vulnerability in the Zoom video conferencing software. Leitschuh had demonstrated that any website can start a video-enabled call through the Zoom software on a Mac with the help of a web server which gets installed by the Zoom app.

According to a report by The Verge, the server accepts the requests which the regular would not. The report further says that even if you uninstall the Zoom software, the server will still remain and it can reinstall Zoom without the user’s choice. As per the findings by Leitschuh, the Zoom software can get hijacked by any website which can then force a Mac user to join a call along with an activated webcam even without their permission unless a specific setting is enabled.

On a Medium post published on Monday, Leitschuh gave a demonstration through a form of a link which after being clicked takes Mac users (currently using/or have used Zoom app before) to a conference room activating their webcams. He notes that this particular code can get embedded to any website and also on malicious ads or a phishing campaign.

Leitschuh further writes that even if Mac users uninstall the Zoom app, the local web server still remains and it will “happily re-install the Zoom client for you, without requiring any user interaction on your behalf besides visiting a webpage.”

The Verge in its report said that they tried the flaw themselves by using Leitschuh’s demo and were able to confirm that the issue does persist on clicking the link if Mac users have used the Zoom app and have not checked a particular checkbox in settings. The link auto joins the users to a conference call with the web camera on.

As per Leitschuh, he had contacted Zoom back on March 26 earlier this year and had said that he would disclose the exploit publicly in 90 days. According to him, Zoom does not seem to have done enough to resolve the problem. The particular vulnerability was also disclosed to both Chromium and Mozilla teams, however, because it is not an issue with their browsers, there is not much those developers can do about this.

Apple to shut down iTunes




Apple has officially confirmed that they are now shutting down their 18-year-old iTunes music library and replacing it with three new different apps. 

The firm revealed it will be launching three newer entertainment apps Apple Music, Apple Podcast, and Apple TV. 

The users of iTunes music should not worry as they will still have access to their existing music library. 

“Users will have access to their entire music library, whether they downloaded the songs, purchased them or ripped them from a CD,” reads a press release.

The customer’s music library would be automatically transferred to Apple Music, audiobooks and podcasts would be shifted to Apple Podcast, and videos will be stored in the Apple TV app. 

However, users using any other operating system rather than a Mac, will not be able to download the latest three apps, and for them, iTunes Music would be still available. 



This WWDC 2019 Its iOS 13, macOS Catalina, And More



At its Worldwide Developers Conference (WWDC) 2019 event Apple disclosed the 'next variant' of its operating system for Macs dubbed as macOS Catalina.

Being quite a progressive upgrade over the macOS 10 Mojave operating system and will be made accessible to eligible Mac users in fall 2019 while the public beta for macOS Catalina is scheduled to arrive in July 2019.

The expansion of the cross platform applications under Project Catalyst is a component that was first presented with macOS Mojave and iOS 12 for the organization's own applications and is considered as one of the biggest one.

Through iOS 13 and, Apple will now enable its developers to use this element for testing their very own applications for compatibility.



Aside from the introduction of macOS Catalina, Apple additionally displayed its new 'Find My' app likewise to be made accessible to iOS. The 'Find My' app incorporates yet another network feature system with the assistance of which consumers can track their Apple devices notwithstanding when they are not connected with the internet.

As a piece of the company's new cross platform application initiative, a large number of new and upgraded applications, including Apple Music, Podcasts, Books, TV and Reminders have likewise been brought into highlight.

While the music and TV apps are the new ones, the podcasts, Books and Reminders apps are simply overhauled. The Music app is known to have been supplanting iTunes, which has been being used for a long time now.

Notwithstanding this, the other updations made by Apple incorporates features like Sidecar, RealityKit and the Swift UI.

While the Sidecar is introduced with macOS Catalina, with the capacity to send any app to an external display, which includes connected monitors and iPads. The RealityKit feature accessible in Apple's AR Kit 3 can be accessed by developers within Xcode and numerous apps like Minecraft have already begun utilizing it.

Finally the Swift UI feature is the successor to the Swift code language Apple presented a couple of years prior, this element makes it a lot simpler for the developers to code apps for the majority of Apple's platforms and the X code -preview highlight displays how the apps will look like, in real life.