I was on a Zoom meeting, during which I noticed a window in another program had opened. I hadn't opened Terminal. I didn't think to screen cap it. In the terminal window the system had responded that there was no man page for what was a random number, like 583048 or some such, and the process was complete. A man page seemed like an innocent command, however I have no idea why Terminal launched. Any thoughts?
iMac Pro
Restore your Mac from a Time Machine backup created prior to installing the "Zoom" client product, or at least as far back as having been made aware of that event. That's what I would do. Yes it's that serious.
If your Mac has been compromised from its use or anything else for that matter it is literally impossible to determine and correct the extent of the breach. Don't bother looking for a product that claims the ability to do that. It's technologically impossible.
The "Zoom" product has suffered from an alarming number of security breaches, and the company has been less than forthcoming in its response to them. Attacks are ongoing and are likely to continue. There have been a number of reports regarding that product's many vulnerabilities and as many actual or theoretical attacks, but I will not draw your attention to them because most if not all of those reports are promulgated by self-aggrandizing blowhards motivated to foment fear and discord at a time when that's the last thing anyone needs. Getting to the actual facts of the matter is more difficult because the technical details are arcane and poorly suited to attention-grabbing headlines that earn clickthrough revenue—the only ones you will find by Googling.
The fear may be overstated, unfortunately the vulnerabilities are real, so your concern is justified. All users of that product will be required to upgrade to their latest version on May 30, which implements end-to-end GCM encryption. But wait, didn't Zoom tell us it was already securely encrypted? Yes they did. So why the forced upgrade? Good question. And why wait until May 30? Even better question.
If you are required to use that product, do so from within a virtual machine or separate boot partition and erase it after its use. Furthermore, if your needs are such that end-to-end encryption are required, then use FaceTime. There is no other product capable of conveying its degree of security. And, if Apple were to become aware of a security breach they will either patch it or shut it down immediately as they have in the past. I doubt they'd wait some arbitrary period of time.
You're welcome.
I realize my advice may seem to be overkill. This site is overrun with plenty of imaginary threats, but the spontaneous launching of some unknown program is a real concern. Of course Zoom's dubious security record does nothing to alleviate that unease. I'd erase that Mac.
Thank you very much. I wish I had a TM backup with which to restore from. My external HD has been flaky and I’d stopped backing up.
Doing the math, must I my drive? and from where do I get an install? The iMac Pro proudly came pre-installed with no disks. I’d also added FCP and Logic to the package at purchase.
I see there's no way to edit my first reply. The last paragraph, in my first reply should've read:
Doing the math, must I zero my drive? and from where do I get an install? The iMac Pro proudly came pre-installed with no disks. I’d also added FCP and Logic to the package at purchase.
Thank you so much.
To erase and reinstall macOS read How to reinstall macOS from macOS Recovery - Apple Support. There is no need for installation media; it's all done through Recovery.
You would need to reinstall FCP, Logic and everything else you require from their original sources.
Also there's no need to multi-pass erase or "zero" the iMac Pro's internal storage. Not only is that impossible to accomplish, you simply need to guarantee whatever that Terminal action did is eliminated. Erasing the Mac will do that. If any information it contains has already been harvested though, through a keylogger or remote access tool or whatever else those completely unknown actions might have accomplished, it's already in the wind. It would be wise to consider actions such as changing passwords, etc.
One more thing... consider its implications for Apple's Program License Agreement, which states in part:
Examples of Suspicious Software
Software with the following qualities may qualify as malware or contain malicious, suspicious, or harmful code or components:
...
Degrades security or privacy.
Did any of that happen? Who knows, but it's something to think about.
I found a Terminal window open but I hadn't launched the program.
