The Zoom video conferencing app contains two big security issues for Mac users. First, uninstalling the app the regular way doesn’t actually remove it from your system; instead, by installing Zoom, you’ve actually installed a persistent web server on your system that can be used to reinstall the app without your permission.

Why is that a problem? Because an attacker can then send you an invite link to a meeting—embedded in a website, or even an email—which launches Zoom (even if you “removed” it). This joins you into a conference call and, by default, your webcam is on, which could create some awkward moments depending on what you’re up to.

There are two primary fixes for this problem, which security researcher Jonathan Leitschuh outlined in his recent public disclosure of Zoom’s vulnerabilities. At minimum, you’ll want to go into Zoom’s video settings and enable this setting: “Turn off my video when joining a meeting.”

...

The bigger solution, if you ask me, is to uninstall Zoom completely—which means removing that persistent web server it has dropped on your system. To do so, you’ll need to open up your Mac’s Terminal and run a two commands: