On Jul 10, 2019, at 2:44 AM, Priscilla McCarthy <priscilla.barolo@zoom.us> wrote:

Hi there Vaibhav,

Thank you for your email. These are low-risk vulnerabilities that apply only to Mac users, and we have drafted a blog post discussing them. We are updating our service tonight and this coming weekend. When you see prompted updates, you should update your Zoom app to ensure your security. Here is more information: https://blog.zoom.us/wordpress/2019/07/08/response-to-video-on-concern/

Thank you!

Priscilla Barolo Manager, Communications Zoom Video Communications Call 650-438-9456 |    Click zoom.us  |  Zoom 650-438-9456

On Tue, Jul 9, 2019 at 12:20 PM Vaibhav Aggarwal <va@thevaibhav.com> wrote:

Dear Eric,

I am in receipt of this following email content : 

Hey - remember when ICANN switched everyone from Adobe over to Zoom as a way of enhancing information security and data privacy?

"A vulnerability in the Mac Zoom Client allows any malicious website to enable your camera without your permission... This vulnerability allows any website to forcibly join a user to a Zoom call, with their video camera activated, without the user's permission. On top of this, this vulnerability would have allowed any webpage to DOS (Denial of Service) a Mac by repeatedly joining a user to an invalid call. Additionally, if you’ve ever installed the Zoom client and then uninstalled it, you still have a localhost web server on your machine that will happily re-install the Zoom client for you, without requiring any user interaction on your behalf besides visiting a webpage. This re-install ‘feature’ continues to work to this day."

Read more here: https://medium.com/@jonathan.leitschuh/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5

Please Clarify if my privacy at risk. And the steps taken to protect my privacy.

Regards,

Vaibhav Aggarwal

New Delhi, India

vaibhavaggarwal.com 

twitter.com/thevaibhag

youtube.com/+vaibhavaggarwalindia