Zoom - web server removal (CVE-2019-13450)

Zoom has released a patch to remove the web server components they had been deploying on Macs until this week. I have a few hundred endpoints where Zoom had been uninstalled and the web server components are still present. I want to ready an action that I can deploy that will find these systems and remove the web server.

The fixlet relevance so far looks like:
mac of operating system
not exists folder "/Applications/zoom.us.app"
exists folder “.zoomus” of folders of folder “/Users”

I could use an assist on the action script to remove ~/.zoomus directory, and creating a ~/.zoomus file.
Basically I want to iterate through every user folder in /Users and rm -rf /.zoomus && touch /.zoomus and am having a difficult time accomplishing this task. Any suggestions? I’d be happy to share my fixlet once it’s working. :slight_smile:

1 Like

For Macs, you can use the relevance:

folders of folder "/Users"

to get the user folders. You can extend this to look inside all user folders by using something like:

folders "Library" of folders of folder "/Users"

If you want to follow a path more than one folder deep, Use:

folders "Library/Preferences" of folders of folder "/Users"
or
folders "Preferences" of folders "Library" of folders of folder "/Users"

Thanks. The relevance is working good. Figuring out the action script to remove .zoomus from all user folders is a bit more challenging. Mac shell scripts are not exactly my forte.

Here is some action script I use to clear out some files from a folder that you should be able to adapt.
It builds a file that contains a list of rm commands for each file, then runs the file as a shell script.

delete __createfile
createfile until __EOF
#!/bin/sh

{concatenation "; " of ("rm -f %22" & it & "%22") of ( PUT YOUR RELEVANCE HERE )}

__EOF

delete delete_files.sh
move __createfile delete_files.sh
wait /bin/sh delete_files.sh
3 Likes

Can you share your fixlet when ready :wink: