The Zoom Desktop App Lets Any Website Take Over Your Mac’s Camera. Here’s What To Do About It.

From BuzzFeed News:

“We consciously enabled the ability to have meeting joins initiated from within an iframe on a webpage,” said Farley, who also noted that the company is not disabling the capability after the security researcher’s findings. Asked whether it was a concern that such iframes require no click from the user to join a meeting, he replied, “No, that’s not a security concern.”

The above is a quote from Zoom’s Chief Security Officer Richard Farley.

In a nutshell, Zoom is purposely bypassing security steps put in place by browser manufacturers and doesn’t care about the security implications because it thinks there aren’t any 🤦‍♂️

I already removed the app and the locally running web server from my Mac, but I’m still stuck using the iPad app because we use Zoom at work (for now); otherwise I’d completely ditch it in a heartbeat.

