Comment by muraiki
6 years ago
It's ridiculous to install a constantly running web service that uses tricks to circumvent CORS protection and to get around Safari's protections, which were both rightly created to improve user's security.
It's not a "so-called vulnerability". As the article describes, this could be used in concert with another vulnerability to achieve RCE. Combining vulnerabilities is often how RCE is attained.
These actions undo the thoughtful work of information security professionals to protect users. It's astonishing to me that people can't see what's wrong here.
Yeah, I was focussing on the webcam thing. That piece, taking individually, isn't a big deal.
But the web server / CORS bypass is completely fucked up, nefarious, and unforgivable.
Accordingly, I edited my post.
Could you further explain the CORS bypass? Why do they have to do the image hack if CORS if they open up CORS on the local server? At that point couldn't they retrieve data via JS instead?
CORS isn't supported to localhost, aka you can't do that; hence the image-size hack
7 replies →
Yeah, I wouldn't even call this a vulnerability. I'd call it malware. Nothing should secretly reinstall deleted apps without user interaction. Never. The user expressed the intention to delete the app, and you're undoing it without their permission? Deliberately defeating expressed user intent. Malware. Period. It's the Zoom Trojan.
> It's ridiculous to install a constantly running web service that uses tricks to circumvent CORS protection and to get around Safari's protections, which were both rightly created to improve user's security.
All of this to avoid an extra click. I know UX is important, but it is not more so than security.