Zoom, a popular video-conferencing application, is in hot water today. The Mac version runs a secret web server in the background—even after you uninstall it!—that can be used to reinstall Zoom and even turn on your video camera.
If you’re wondering whether you’re affected—maybe you’re not sure if someone has ever installed Zoom on your Mac and then uninstalled it—here’s how to check.
To see whether you have the main Zoom app currently installed, open the Finder app, select Applications, and look for “zoom.us” in the list. If you have this app installed, you almost certainly have the web server running.
But, even if you don’t have the app here, the web server will still be running in the background if you’ve ever installed and then uninstalled Zoom.
To check whether the server is running, open a Terminal window. To do so, press Command+Space to open Spotlight search, type “Terminal,” and press Enter. You can also head to Finder > Applications > Utilities > Terminal.
To discover whether the web server is running, type the following command and press Enter:
lsof -i :19421
If you see a “ZoomOpene” process running, the web server is running in the background. If you don’t, it’s not.
If you do see Zoom’s web server running and you want to remove Zoom completely from your system, run the following commands.
These assume that you’ve uninstalled the Zoom app from your Applications folder first. If you haven’t, a Zoom update will likely re-enable the web server.
pkill ZoomOpener
rm -rf ~/.zoomus
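The checks described above can be combined into a single read-only script. This is an added example, not part of the original article or anything from Zoom; the function names are made up for illustration, and it assumes the app bundle sits at /Applications/zoom.us.app.

```shell
#!/bin/sh
# Added example: read-only audit for the Zoom helper web server (changes nothing).
PORT=19421

# Constructed sample of `lsof -i :19421` output, used by --demo; not a real capture.
SAMPLE_LSOF='COMMAND    PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
ZoomOpene 4321 alice    5u  IPv4 0xabcdef      0t0  TCP localhost:19421 (LISTEN)'

# Reads lsof output on stdin; succeeds if a ZoomOpener process is listed.
# lsof cuts the COMMAND column to 9 characters, so match the "ZoomOpene" prefix.
zoom_listener_in() {
  awk '$1 ~ /^ZoomOpene/ { found = 1 } END { exit !found }'
}

# Succeeds if the given home directory still contains the .zoomus folder.
zoom_residue_in() { [ -d "$1/.zoomus" ]; }

# Succeeds if the app bundle (shown as "zoom.us" in Finder) is in the given folder.
zoom_app_in() { [ -d "$1/zoom.us.app" ]; }

# audit HOME_DIR APPS_DIR, with lsof output on stdin; prints the facts and a verdict.
audit() {
  listener=no; residue=no; app=no
  zoom_listener_in && listener=yes
  zoom_residue_in "$1" && residue=yes
  zoom_app_in "$2" && app=yes
  echo "listener=$listener residue=$residue app=$app"
  if [ "$listener" = yes ] && [ "$app" = no ]; then
    echo "verdict: web server left behind by an uninstalled Zoom"
  elif [ "$listener" = yes ]; then
    echo "verdict: web server running alongside the installed app"
  elif [ "$residue" = yes ]; then
    echo "verdict: nothing listening on $PORT, but .zoomus is still on disk"
  else
    echo "verdict: no trace of the Zoom web server"
  fi
}

if [ "${1:-}" = "--demo" ]; then
  printf '%s\n' "$SAMPLE_LSOF" | audit /nonexistent /nonexistent
elif command -v lsof >/dev/null 2>&1; then
  lsof -i :"$PORT" 2>/dev/null | audit "$HOME" /Applications
else
  echo "lsof not found; cannot check port $PORT"
fi
```

Run it with --demo to see the "left behind" verdict on the constructed sample; without arguments it inspects the current machine.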
If you’d like to keep Zoom installed, Lifehacker’s quick guide points out you should enable the “Turn off my video when joining a meeting” option for safety. Jonathan Leitschuh’s original disclosure provides more information about the problem.
Browser-based video conferencing apps may be a better solution in the future—if you’re just using an application in a browser with no software installation, it can’t do shady things like this to your Mac or PC.
ProTip: Just uninstall all meeting apps from your computer. Use the browser version of the meeting client. They work well now. Apps run stuff in the background and I won’t even get into the stupid stuff they waste CPU time on when you’re never even using them 99.9% of the time.
— SwiftOnSecurity (@SwiftOnSecurity) July 9, 2019