If you're using macOS, run these commands:
pkill "ZoomOpener"; rm -rf ~/.zoomus; touch ~/.zoomus && chmod 000 ~/.zoomus; pkill "RingCentralOpener"; rm -rf ~/.ringcentralopener; touch ~/.ringcentralopener && chmod 000 ~/.ringcentralopener;
These two commands do the same thing for the two most popular "brands" of Zoom (Zoom, and RingCentral). They first kill the hidden server if it is running, and then regardless deletes it from its hidden directory if it exists there. Finally they create an empty file and set permissions on it such that the hidden server cannot be reinstalled back to that location. For the current versions of these applications this is sufficient, however it is possible that a later version could subvert this fix.
If you're using Safari on macOS you're now good to go. However if you're using any other browser (even on other operating systems) you may still see a link immediately open Zoom for you. This is not the same vulnerability, and is in fact one you yourself opted into, though you may not have realized it. This will occur if you ever checked a box on a pop-up window for a Zoom meeting link that said something like "Always open these links in Zoom".
Here's how to undo that.
- Navigate to chrome://version/ and find the path listed under "Profile Path".
- Quit Chrome, open that directory, and then open the "Preferences" file.
- This is a JSON file. Look for the string
"zoomrc":false. If it either exist, remove them. If there is a comma immediately after either string, remove it as well.
- Save the file.
- Open Firefox's Preferences.
- Search for the string
zoomrcusing "Find in Preferences".
- If you see a table with the headers "Content Type" and "Action", find the row labeled
zoomrcand set the action to "Always ask"
In any case, refrain from checking the box in a modal dialog to opt you back into this behavior in the future. Safari is currently the only known popular browser to not allow you to shoot yourself in the foot this way.