A zero-day vulnerability in the Zoom client for Mac allows a malicious website to hijack a user s web camera without their permission. Up to 4 million workers that use the Zoom for videoconferencing service are at risk from a flaw in the collaboration client. An outside adversary would need only to convince a user to visit a malicious. website with a specially crafted iFrame embedded with a. specially crafted. website. This would automatically launch a Mac user into a Zoom web conference while turning on their camera.
Source: https://threatpost.com/zoom-zero-day-mac-webcam-hijacking/146317/