Zoom 0-Day - How Not to Handle a Vulnerability Report

Explore a detailed account of the 2019 Zoom 0-Day vulnerability disclosure in this conference talk from Shmoocon 2020. Delve into the discovery of a critical security flaw allowing malicious actors to activate Mac users' cameras without consent, and the hidden daemon that persisted after uninstallation. Follow the speaker's journey through the vulnerability reporting process, the decision to go public, and the escalating consequences that ultimately required intervention from Apple's security team. Gain insights into the complexities of responsible disclosure, corporate responses to security threats, and the potential ramifications of software vulnerabilities in widely-used applications.