A campus-wide email sent on July 11 informed students of a security flaw in the computer software, Zoom.
“Reports this week indicated that the Zoom Mac client had a webcam security flaw, which allowed activation of the webcam without user knowledge,” the email from SDSU Chief Information Officer Jerry Sheehan said.
Both Zoom and Apple released an update that fixes the webcam vulnerability. The email suggests enabling additional protection in the Zoom preferences by selecting “turn off my video when joining a meeting.” Computers on campus that have administrative access on campus will be patched.
“We are working, as well, with the individual IT staff to make sure that all the labs that use Zoom — the library, all the computers under our management — everything is patched, including faculty computers as well,” Interim Information Security Officer Ricardo Fitipaldi said.
He said part of the problem with the vulnerability has to do with a web server.
“So part of the vulnerability was that Zoom had a web server running in (student’s) computers and the network does not like those things because that can cause other vulnerabilities,” Fitipaldi said. “Not that it did at this time, but it can.”
He said vulnerabilities happen whenever a system updates, making it a continual process of patching and improving. But he said being able to identify the issues is the first step toward addressing them.