Webcam flaw let hackers SPY on Mac users through video conference app Zoom

Writing in a Medium blog about his findings, Mr Leitschuh explained: “This vulnerability allows any website to forcibly join a user to a Zoom call, with their video camera activated, without the user's permission.

"Additionally, if you've ever installed the Zoom client and then uninstalled it, you still have a local host web server on your machine that will happily reinstall the Zoom client for you, without requiring any user interaction on your behalf besides visiting a webpage.”

The flaw exploits a feature that allows users to send a meeting link for a conference call.

Essentially, this link allows the site to initiate a video call through the Zoom app- even if the person on the other end hasn’t accepted.

While Mr Leitschuch first reported the issue to Zoom back in March, he claims that the developers only implemented a ‘quick fix’.

He wrote: “Ultimately, Zoom failed at quickly confirming that the reported vulnerability actually existed and they failed at having a fix to the issue delivered to customers in a timely manner," he wrote.

"An organisation of this profile and with such a large user base should have been more proactive in protecting their users from attack.”

In a statement about the issue, Zoom said: “We appreciate the hard work of the security researcher in identifying security concerns on our platform.

“Initially, we did not see the web server or video-on posture as significant risks to our customers and, in fact, felt that these were essential to our seamless join process.

“But in hearing the outcry from some of our users and the security community in the past 24 hours, we have decided to make the updates to our service.”

Zoom has now released a patch update to the app, which should prevent hackers from accessing your webcam.