Home > Mac administration, macOS, Scripting > Zoom vulnerability and remediation script

Zoom vulnerability and remediation script

Zoom is a popular video conferencing suite which is used by a number of shops because it provides a consistent cross-platform experience. Recently, it was discovered that Zoom was setting up a local webserver process. This capability enabled Zoom’s client to be launched in response to clicking a URL, but it also potentially allowed someone to be forcibly connected to a Zoom call with their video camera active. This issue has been assigned the following CVE identifier:

CVE-2019-13450: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13450

Update: 7-11-2019 – Apple has released an update to remove the Zoom web server from all Macs. This update deploys silently and does not require user interaction. For more details, please see Zoom’s July 10th blog post: https://blog.zoom.us/wordpress/2019/07/10/security-update-and-our-ongoing-efforts/

Once this vulnerability was widely publicized, Zoom responded with an updated version of their Zoom client for macOS which removes the local webserver and also allows users to manually uninstall the Zoom client. They also provided the following manual remediation instructions:

I’ve taken those commands and used them to build a script to address the vulnerabilities described in CVE-2019-13450. For more details, please see below the jump.

The script is available below and on my GitHub repo:


This script is also available as a payload-free package on my GitHub repo, available for download from the payload_free_package directory available from the link above.

  1. Brian
    July 10, 2019 at 4:29 pm

    Amazing Rich. I was just dealing with this today. Thank you for all you do.

  2. Danielle
    July 11, 2019 at 12:06 pm

    I’ve noticed running the update will also remove the issues. Does anyone have a script to force an update of Zoom?

  3. July 11, 2019 at 1:48 pm

    Hi Rich,

    thank you as always for your great work.

    This might be a bug or a feature, but if we start the zoom.us.app from a Zoom-Meeting link via Outlook, the sessions starts without video (which is the behaviour we want, thx to your script) – but it’s not possible, to activate the video anymore …

    Do you see this in your environment too?

  4. Bucky
    August 14, 2019 at 11:56 am

    We’re seeing the same issue as Marcel: sessions start without video as desired, but users cannot activate the video voluntarily.

    • August 14, 2019 at 12:24 pm

      As a workaround we adviced all users not to click the direct link inside Outlook but to copy and paste the link into the zoom.app – this way it seems to be possible to activate the video later …

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: