How to See if Zoom Is Running a Secret Web Server on Your Mac (and Remove It)

Wow…a Mac app that acts like a virus lol Who’da thunk it… I kid I kid I like teasing the Cult of Apple folks….

Zoom, a popular video-conferencing application, is in hot water today. The Mac version runs a secret web server in the background—even after you uninstall it!—that can be used to reinstall Zoom and even turn on your video camera.

If you’re wondering whether you’re affected—maybe you’re not sure if someone has ever installed Zoom on your Mac and then uninstalled it—here’s how to check.

To see whether you have the main Zoom app currently installed, open the Finder app, select Applications, and look for “zoom.us” in the list. If you have this app installed, you almost certainly have the web server running.

But, even if you don’t have the app here, the web server will still be running in the background if you’ve ever installed and then uninstalled Zoom.

Zoom application in Mac Applications folder

To check whether the server is running, open a Terminal window. To do so, press Command+Space to open Spotlight search, type “Terminal,” and press Enter. You can also head to Finder > Applications > Utilities > Terminal.

To discover whether the web server is running, type the following command and press Enter:

lsof -i :19421

If you see a “ZoomOpene” process running, the web server is running in the background. If you don’t, it’s not.

Command that shows whether Zoom's web server is running

If you do see Zoom’s web server running and you want to remove Zoom completely from your system, run the following commands.

These assume that you’ve uninstalled the Zoom app from your Applications folder first. If you haven’t, a Zoom update will likely re-enable the web server.

pkill ZoomOpener

rm -rf ~/.zoomus

Commands to remove Zoom's web server from a Mac

if you’d like to keep Zoom installed, Lifehacker‘s quick guide points out you should enable the “Turn off my video when joining a meeting” option for safety. Jonathan Leitschuh’s original disclosure provides more information about the problem.

Browser-based video conferencing apps may be a better solution in the future—if you’re just using an application in a browser with no software installation, it can’t do shady things like this to your Mac or PC.

https://twitter.com/SwiftOnSecurity/status/1148470839186247686

via How to See if Zoom Is Running a Secret Web Server on Your Mac (and Remove It)

One thought on “How to See if Zoom Is Running a Secret Web Server on Your Mac (and Remove It)

  1. Pingback: Another Apple vulnerability smh lol | The LR Zone

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.