I could be wrong, but it looks like they are doing a server-side redirect to the... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		aarbor989 on July 10, 2019 \| parent \| context \| favorite \| on: Zoom fixes major Mac webcam security flaw with eme... I could be wrong, but it looks like they are doing a server-side redirect to their custom zoommtg:// URI protocol now instead of making a call to the localhost server. Couldn't anyone still drop this on their website and force you to join through a redirect just as zoom is? I don't see how that particular concern of the disclosure could be avoided unless browsers force confirmation, as Safari has done.

AgloeDreams on July 10, 2019 [–]

MacOS as a whole forces confirmation on deeplinks. The old solution skipped the OS confirmation dialog.

aarbor989 on July 10, 2019 | [–]

Hmm..but I'm not getting a confirmation prompt on Firefox or Chrome? Visiting a zoom link in either of those browsers takes me directly into the meeting

javagram on July 10, 2019 | | [–]

Safari 12 forces the confirmation, not all browsers.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact