[NCUC-DISCUSS] Please specify & Clarify is My Privacy at Risk?

Vaibhav Aggarwal, Catalyst & Group CEO va at bladebrains.com
Wed Jul 10 06:47:54 CEST 2019


Dear Priscillia,

I appreciate your response. But this is too little and too late. If there was a Vulnerability, why were we not informed earlier as a customer / User. Secondly, I will need to understand what is the extent of this vulnerability. By Saying “Low risk Vulnerability” it is clearly showing that you are not willing to elucidate and want to either brush it under the carpet or ignore or underplay the risk. 

This is a mandatory disclosure you need to do as it is my privacy at stake. This is Super Important. 

Regards,
-VA

> On Jul 10, 2019, at 2:44 AM, Priscilla McCarthy <priscilla.barolo at zoom.us> wrote:
> 
> Hi there Vaibhav,
> Thank you for your email. These are low-risk vulnerabilities that apply only to Mac users, and we have drafted a blog post discussing them. We are updating our service tonight and this coming weekend. When you see prompted updates, you should update your Zoom app to ensure your security. Here is more information: https://blog.zoom.us/wordpress/2019/07/08/response-to-video-on-concern/ <https://blog.zoom.us/wordpress/2019/07/08/response-to-video-on-concern/>
> Thank you!
>   <https://zoom.us/>	
> Priscilla Barolo
> Manager, Communications
> Zoom Video Communications
> Call 650-438-9456 <tel:650-438-9456> |    Click zoom.us <https://zoom.us/>  |  Zoom 650-438-9456 <http://zoom.us/j/650-438-9456>
>                                                            <http://www.facebook.com/zoomvideocommunications>                                                     
>                                                            <http://www.twitter.com/zoom_us>                                                     
>                                                            <http://www.linkedin.com/company/zoom-video-communications-inc-/>                                                     
>                                                            <https://zoom.us/referrals>                                                     
> 		
> 
> 
>  <https://smart.zoom.us/v2/a/zoomtopia19/5d2503c401ca44fa0d942282-OjqXg/httpszoomtopia.us>
> 
> On Tue, Jul 9, 2019 at 12:20 PM Vaibhav Aggarwal <va at thevaibhav.com <mailto:va at thevaibhav.com>> wrote:
> Dear Eric,
> 
> I am in receipt of this following email content : 
> 
> Hey - remember when ICANN switched everyone from Adobe over to Zoom as a way of enhancing information security and data privacy?
> 
> "A vulnerability in the Mac Zoom Client allows any malicious website to enable your camera without your permission... This vulnerability allows any website to forcibly join a user to a Zoom call, with their video camera activated, without the user's permission. On top of this, this vulnerability would have allowed any webpage to DOS (Denial of Service) a Mac by repeatedly joining a user to an invalid call. Additionally, if you’ve ever installed the Zoom client and then uninstalled it, you still have a localhost web server on your machine that will happily re-install the Zoom client for you, without requiring any user interaction on your behalf besides visiting a webpage. This re-install ‘feature’ continues to work to this day."
> 
> Read more here: https://medium.com/@jonathan.leitschuh/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5 <https://medium.com/@jonathan.leitschuh/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5>
> 
> Please Clarify if my privacy at risk. And the steps taken to protect my privacy.
> 
> Regards,
> 
> Vaibhav Aggarwal
> New Delhi, India
> vaibhavaggarwal.com <http://vaibhavaggarwal.com/> 
> twitter.com/thevaibhag <http://twitter.com/thevaibhag>
> youtube.com/+vaibhavaggarwalindia <http://youtube.com/+vaibhavaggarwalindia>  

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ncuc.org/pipermail/ncuc-discuss/attachments/20190710/b3178a4c/attachment.html>


More information about the Ncuc-discuss mailing list