https://techcrunch.com/2019/07/08/a-vulnerability-in-zooms-mac-client-could-allow-websites-to-turn-on-cameras-without-permission/

A vulnerability in the Mac client for popular web conferencing app Zoom may allow any website to join a video call without permission, writes software engineer and security researcher Jonathan Leitschuch. In a Medium post published today, Leitschuch detailed the vulnerability, writing that it may remain an issue even if users have uninstalled the Mac client: “If you’ve ever installed the Zoom client and then uninstalled it, you still have a localhost webserver on your machine that will happily reinstall the Zoom client for you, without requiring any user interaction on your behalf besides visiting a webpage. This re-install ‘feature’ continues to work to this day.”

Leitschuch included patches for the vulnerability, including how to disable the ability for Zoom to turn on your webcam when joining a meeting, a terminal command for disabling video by default and instructions on how to shut down the web server and remove web server application files.