During the coronavirus outbreak, increased usage of video conferencing applications and services led security personnel to find more security issues in Zoom. The video conferencing service Zoom is reportedly installed on the Mac by addressing Apple’s general security measures, and has also touted its end-to-end encryption, but apparently not.
It had previously sent user data to Facebook ( allegedly fixed) and now has been charged with two separate security issues. Twitter user c1truz_ (the technical leader of malware tracker VMRay) reported that Zoom’s Mac app installer used a pre-install script and allegedly displayed a fake macOS system message.
C1truz claims that when installing the app on a Mac, it does not require final consent from the user, and highly misleading tips are used to obtain root privileges. AppleInsider has contacted Zoom about the allegations but has not received comment. Apple also did not comment publicly. However, Apple previously forced Mac OS updates to users to correct Zoom security issues.
In addition, The Intercept claims that Zoom is not really end-to-end encryption, and that the connection between the user and the Zoom server is encrypted throughout the video chat, but does not prevent Zoom itself from seeing the call process. “In fact, Zoom uses its own terminology definition, which allows Zoom itself to access unencrypted video and audio in the meeting,” Intercept said. A Zoom spokesman confirmed this to The Intercept and said it was not possible to enable E2E encryption for Zoom video conferencing.