According to the Verge reports, any website can open up a video-enabled call on a Mac with the Zoom app installed. That's possible in part because the Zoom app installs a web server on Macs that accepts requests regular browsers wouldn't.
If you uninstall Zoom, that web server persists and can reinstall Zoom without your intervention.
Leitschuh said how he responsibly disclosed the vulnerability to Zoom back in late March, giving the company 90 days to solve the problem.
Zoom doesn't appear to have done enough to resolve the issue. The vulnerability was disclosed to both the Chromium and Mozilla teams, but since it's not an issue with their browsers, there's not much those developers can do.
You can "patch" the vulnerability by making sure the Mac app is up to date and disable the setting that allows Zoom to turn your camera on when joining a meeting. "
Uninstalling Zoom won't fix this problem, as that webserver persists on your Mac. Turning off the webserver requires running some terminal commands, which can be found at the bottom of the Medium post.
 
				 
		  	

