These are the steps I needed to take to fix the Zoom zero-day vulnerability:
- Confirm that you are vulnerable by opening this demonstration link: https://jlleitschuh.org/zoom_vulnerability_poc/
- Launch Zoom and check for updates to make sure you are up to date
- Open Terminal (either via Spotlight or Launchpad)
- Use this command:
    lsof -i :19421
  to get the PID of the running instance of ZoomOpener.app
- Run
    kill -9 <PID FROM PREVIOUS CMD>
  to stop the running ZoomOpener.app
- Run
    rm -Rf ~/.zoomus
  from Terminal to remove the ZoomOpener.app
- The latest version of Zoom will reinstall ZoomOpener.app every time it is launched. To prevent this, we need to squat the .zoomus folder with one owned by the super user on your computer. To do this, type
    sudo mkdir ~/.zoomus
  in the Terminal. This will ask you for the password that you use to log in; type that and the new directory should be made. This will prevent Zoom from reinstalling the ZoomOpener in the .zoomus folder on your computer.
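
To confirm the cleanup took effect, the script below checks that nothing is listening on port 19421 and that ~/.zoomus is the root-owned placeholder rather than a folder Zoom recreated. It is an added example, not part of the original steps; the function names are made up for illustration, and the port and path are the ones used above.

```shell
#!/bin/sh
# Added example: verifies the cleanup steps above. Port 19421 and the
# ~/.zoomus path come from the page; function names are hypothetical.

PORT=19421

# Print PIDs of processes listening on TCP port $1 (prints nothing if
# there are none, or if lsof is not installed).
listener_pids() {
    command -v lsof >/dev/null 2>&1 || return 0
    lsof -nP -iTCP:"$1" -sTCP:LISTEN -t 2>/dev/null || true
}

# Classify the path in $1 as:
#   absent | root-owned | user-owned | not-a-directory
zoomus_state() {
    if [ ! -e "$1" ] && [ ! -L "$1" ]; then echo absent; return 0; fi
    if [ -L "$1" ] || [ ! -d "$1" ]; then echo not-a-directory; return 0; fi
    # ls -ldn prints the numeric owner uid in column 3 (macOS and Linux).
    uid=$(ls -ldn "$1" | awk '{print $3}')
    if [ "$uid" -eq 0 ]; then echo root-owned; else echo user-owned; fi
}

# Report on both conditions for directory $1 and port $2.
check_zoom_cleanup() {
    dir=$1
    port=$2
    pids=$(listener_pids "$port")
    if [ -n "$pids" ]; then
        echo "port $port: still listening, PID(s):" $pids
    else
        echo "port $port: no listener"
    fi
    case $(zoomus_state "$dir") in
        root-owned) echo "$dir: root-owned placeholder in place" ;;
        absent)     echo "$dir: removed but not squatted, Zoom can recreate it" ;;
        user-owned) echo "$dir: owned by a regular user, ZoomOpener may be back" ;;
        *)          echo "$dir: unexpected file type, inspect manually" ;;
    esac
}

check_zoom_cleanup "$HOME/.zoomus" "$PORT"
```

Run it again after the next Zoom launch or update: a result of "user-owned" means the folder was recreated and the steps above need repeating.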