Hacker News new | past | comments | ask | show | jobs | submit login

I wouldn't call it a bug. Zoom deliberately engineered their app so it opened a security threat, accessible from any website on your browser, on your local machine without the user's knowledge. Then they reinstalled their software after the user had uninstalled it. Again, deliberately engineered that way.

That is not a bug

Zoom's intention was not to introduce a security vulnerability. That's why I'm calling it a bug.

Their intention was to bypass an inbuilt security measure. So no, maybe they didn't mean to add a vulnerability but they did mean to reduce the security of the system as a whole

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact