Jul 22, 2019, 05:10 AM
If you're using macOS, run these commands:

```sh
pkill "ZoomOpener"; rm -rf ~/.zoomus; touch ~/.zoomus && chmod 000 ~/.zoomus;
pkill "RingCentralOpener"; rm -rf ~/.ringcentralopener; touch ~/.ringcentralopener && chmod 000 ~/.ringcentralopener;
```

These two commands do the same thing for the two most popular "brands" of Zoom (Zoom and
RingCentral). They first kill the hidden server if it is running, and then, whether or not
it was running, delete it from its hidden directory if it exists there. Finally, they create
an empty file in its place and set permissions on it so that the hidden server cannot be
reinstalled to that location. For the current versions of these applications this is
sufficient; however, it is possible that a later version could subvert this fix.

If you're using Safari on macOS, you're now good to go. However, if you're using any other
browser (even on other operating systems), you may still see a link immediately open Zoom
for you. This is _not_ the same vulnerability, and is in fact one you yourself opted into,
though you may not have realized it. This will occur if you ever checked a box on a pop-up
window for a Zoom meeting link that said something like "Always open these links in Zoom".

Here's how to undo that.

For Chrome:
1) Navigate to chrome://version/ and find the path listed under "Profile Path".
2) Quit Chrome, open that directory, and then open the "Preferences" file.
3) This is a JSON file. Look for the string `"zoommtg":false` or `"zoomrc":false`. If either exists, remove it. If there is a comma immediately after either string, remove it as well.
4) Save the file.
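
The Chrome steps above, as an added example that is not part of the original paste: a Python script that parses the "Preferences" JSON instead of hand-editing commas, removes every `zoommtg`/`zoomrc` key set to `false`, and keeps a `.bak` copy. The function names and the nesting of the constructed sample are assumptions; pass it the path to the "Preferences" file only after quitting Chrome.

```python
import json
import shutil
import sys
from pathlib import Path

SCHEMES = {"zoommtg", "zoomrc"}  # the two keys named in the Chrome steps


def strip_zoom_optins(node, path=""):
    """Recursively delete "zoommtg"/"zoomrc" keys whose value is false.

    Mutates `node` in place and returns the JSON paths that were removed.
    """
    removed = []
    if isinstance(node, dict):
        for key in list(node):
            here = f"{path}/{key}"
            if key in SCHEMES and node[key] is False:
                del node[key]
                removed.append(here)
            else:
                removed += strip_zoom_optins(node[key], here)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            removed += strip_zoom_optins(item, f"{path}/{i}")
    return removed


def clean_preferences(prefs_file):
    """Back up and rewrite a Chrome "Preferences" file (quit Chrome first)."""
    prefs_file = Path(prefs_file)
    prefs = json.loads(prefs_file.read_text(encoding="utf-8"))
    removed = strip_zoom_optins(prefs)
    if removed:  # only touch the file when something was actually removed
        shutil.copy2(prefs_file, prefs_file.with_name(prefs_file.name + ".bak"))
        prefs_file.write_text(json.dumps(prefs, separators=(",", ":")), encoding="utf-8")
    return removed


# Constructed sample, not a real profile; the nesting shown is an assumption.
SAMPLE = ('{"protocol_handler":{"excluded_schemes":{"mailto":false,'
          '"zoommtg":false,"zoomrc":false}},"other":[{"zoommtg":true}]}')

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(clean_preferences(sys.argv[1]))
    else:
        demo = json.loads(SAMPLE)
        print(strip_zoom_optins(demo), json.dumps(demo))
```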


For Firefox:
1) Open Firefox's Preferences.
2) Search for the string `zoommtg` or `zoomrc` using "Find in Preferences".
3) If you see a table with the headers "Content Type" and "Action", find the row labeled `zoommtg` and/or `zoomrc` and set the action to "Always ask".


In any case, refrain from checking the box in a modal dialog that would opt you back into
this behavior in the future. Safari is currently the only known popular browser that does
not allow you to shoot yourself in the foot this way.