MacRumors
All >
Guides
FaceTime

Everything you might want to know about FaceTime.

A12Z vs A12X

Apple in March 2020 introduced new 11- and 12.9-inch iPad Pro models with A12Z processors. Here's how it compares to the A12X.

How to Group FaceTime

Many people are stuck at home, away from friends and family. Apple's FaceTime can video chat with up to 32 people at once.

How to Clean and Sanitize your iPhone

Washing your hands is only going half way. You should also clean your iPhone regularly.

How to Clean Your Keyboard, Trackpad and Mouse
iOS 13 Battery Tips
iPhone
Night Mode (iPhone 11)
iPhone 11 vs iPhone 11 Pro
iPhone 11 vs iPhone XR
iOS 13: Hidden Features
See more guides
Upcoming
iPhone 12
September 2020

Four new phones in three sizes expected with 5G and new AR capabilities.

iPhone SE 2020
Early 2020

Low-cost device similar to iPhone 8 but with upgraded internals such as latest A13 chip.

MacBook Pro
Early 2020

Updated 13-inch model with the redesigned scissor keyboard expected.

AirTags
2020?

Apple is working on a Tile-like Bluetooth tracking device that's designed to be attached to items like keys and wallets for tracking purposes, letting you find them right in the Find My app.

iOS 14
Foldable iPhone
See full product calendar

Serious Vulnerability in Zoom Video Conference App Could Let Websites Hijack Mac Webcams [Updated]

Tuesday July 9, 2019 3:58 AM PDT by Tim Hardwick

A serious zero-day vulnerability in the Zoom video conferencing app for Mac was publicly disclosed today by security researcher Jonathan Leitschuh.

In a Medium post, Leitschuh demonstrated that simply visiting a webpage allows the site to forcibly initiate a video call on a Mac with the Zoom app installed.


The flaw is said to be partly due to a web server the Zoom app installs on Macs that "accepts requests regular browsers wouldn't," as noted by The Verge, which independently confirmed the vulnerability.

In addition, Leitschuh says that in an older version of Zoom (since patched) the vulnerability allowed any webpage to DOS (Denial of Service) a Mac by repeatedly joining a user to an invalid call. According to Leitschuh, this may still be a hazard because Zoom lacks "sufficient auto-update capabilities," so there are likely to be users still running older versions of the app.

Leitschuh said he disclosed the problem to Zoom in late March, giving the company 90 days to fix the issue, but the security researcher reports that the vulnerability still remains in the app.

While we wait for the Zoom developers to do something about the vulnerability, users can take steps to prevent the vulnerability themselves by disabling the setting that allows Zoom to turn on your Mac's camera when joining a meeting.

Note that simply uninstalling the app won't help, because Zoom installs the localhost web server as a background process that can re-install the Zoom client on a Mac without requiring any user interaction besides visiting a web page.

Helpfully, the bottom of Leitschuh's Medium post includes a series of Terminal commands that will uninstall the web server completely.

Update: In a statement given to ZDNet, Zoom defended its use of a local web server on Macs as a "workaround" to changes that were introduced in Safari 12. The company said that it felt running a local server in the background was a "legitimate solution to a poor user experience, enabling our users to have seamless, one-click-to-join meetings, which is our key product differentiator."

Update 2: Zoom is no longer taking a defensive stance and has now released a patch.

Tags: security, Zoom

Top Rated Comments

(View all)
Avatar
Unggoy Murderer
10 months ago


"legitimate solution to a poor user experience, enabling our users to have seamless, one-click-to-join meetings, which is our key product differentiator."

So they basically circumvented browser security mechanisms to solve a user experience "issue". That is absolutely not a legitimate excuse.
Score: 14 Votes (Like | Disagree)
Avatar
Return Zero
10 months ago
When your key product differentiator is both internally and externally acknowledged as a workaround with major security risks, you have completely failed as a software company.
Score: 11 Votes (Like | Disagree)
Avatar
MallardDuck
10 months ago
Let see:

Install hidden, insecure background server process
Fail to remove it on uninstall
Fail to disclose that you did so
Fail to patch it when notified
Defend your actions to work around security features to 'save users' one single click
Destroy your brand and confidence in your solution shortly after going public

Priceless.
Score: 8 Votes (Like | Disagree)
Avatar
windywalks
10 months ago
OK, so Zoom is going on my "never use again" pile.
Their excuse is just pathetic and the fact that they had 3 months to fix it and chose not to is just unacceptable.
Score: 7 Votes (Like | Disagree)
Avatar
orbital~debris
10 months ago

enabling our users to have seamless, one-click-to-join meetings, which is our key product differentiator."

More like enabling hackers to have “seamless, open-to-anyone webcam access” is their “key product differentiator”!
Score: 3 Votes (Like | Disagree)
Avatar
rmt55
10 months ago
I'm sorry... "simply uninstalling the app won't help" ??? In that case, how does one uninstall the localhost web server background process?
Score: 3 Votes (Like | Disagree)
Read All Comments

Top Stories

Leaker Claims New 13-inch MacBook Pro Coming as Soon as Next Month

Monday April 6, 2020 2:56 am PDT by Tim Hardwick
Apple will announce a new 13-inch MacBook Pro in May with the codename J223, according to a rumor shared by YouTuber and leaker Jon Prosser. Note: it’s a refresh to the current 13” So the bigger 14” display upgrade is a big possibility— Jon Prosser (@jon_prosser) April 4, 2020 Analyst Ming-Chi Kuo has said Apple plans to release new MacBook Pro and MacBook Air models with scissor keyboards ...
Read Full Article162 comments

'Leaked' Images Allegedly Show iPhone 12 With Smaller Notch, Rear Camera Redesign, and Home Screen Widgets

Tuesday April 7, 2020 4:28 am PDT by Tim Hardwick
Two images shared on social media this morning are currently stoking speculation about possible hardware redesigns coming to the iPhone 12 and the potential introduction of Home screen widgets in iOS 14. Shared by Twitter user Fudge (choco_bit), the images depict a front and rear graphical representation of a smartphone with interface elements on the screen, suggesting it came out of a...
Read Full Article131 comments

Apple Releases iOS and iPadOS 13.4.1 With Fix for FaceTime Bug

Tuesday April 7, 2020 10:06 am PDT by Juli Clover
Apple today released iOS and iPadOS 13.4.1, minor updates that come two weeks after the release of iOS and iPadOS 13.4, major updates that introduced iCloud Folder Sharing, a new Mail toolbar, trackpad support for the iPad, and more. The iOS and ‌iPadOS‌ 13.4.1 updates are available on all eligible devices over-the-air in the Settings app. To access the updates, go to Settings > General...
Read Full Article100 comments

More References to Apple's Upcoming Low-Cost iPhone Appear Online

Monday April 6, 2020 4:38 am PDT by Tim Hardwick
Further references to Apple's upcoming low-cost iPhone have appeared online, one on a Chinese e-commerce website and another on Verizon's smartphone trade-in page. Spotted by tech blog MySmartPrice, Chinese retailer JD.com has published a placeholder for Apple's so-called "iPhone 9" that includes a teaser image of a veiled smartphone, but other than that it lacks any particularly revealing...
Read Full Article113 comments

Apple Reportedly Targeting WWDC for Over-Ear Headphones Launch, New 'AirPods X' Later in the Year

Tuesday April 7, 2020 7:00 am PDT by Eric Slivka
Rumors of Apple-branded over-ear headphones have been circulating for quite some time, while more recent rumors have mentioned an "AirPods Pro Lite" that could also be in the works, and Twitter leaker Jon Prosser's recent foray into Apple rumors provides a bit more detail on what we might able to expect for these products. Current Beats Studio3 Wireless and BeatsX On the over-ear side,...
Read Full Article75 comments

Facebook Launches 'Tuned' Messaging App for Couples

Wednesday April 8, 2020 4:50 am PDT by Tim Hardwick
Facebook has quietly released Tuned, a new messaging app designed to provide a "private space" for couples to connect, reports The Information. Designed by NPE, an experimental group within the company that was established last year, the app encourages couples to share messages, notes, cards, voice memos, photos and Spotify songs with each other, thereby creating a "digital scrapbook" of...
Read Full Article78 comments

Apple Shares Assembly and Use Instructions for New Face Shields, Shipping 1 Million Per Week to Medical Workers

Tuesday April 7, 2020 8:54 am PDT by Eric Slivka
Following this weekend's news from Tim Cook that Apple is working with its supply chain to produce a million face shields per week for medical workers, the company has shared a support document outlining how to assemble and adjust the shields. The document includes a series of images and animations showing how the simple three-piece product can be assembled for either a regular fit or with...
Read Full Article66 comments

Some Users Experiencing System Crashes on macOS 10.15.4, Especially During Large File Transfers

Monday April 6, 2020 8:17 am PDT by Joe Rossignol
A sizeable number of Mac users are experiencing occasional system crashes after updating to macOS Catalina version 10.15.4, released a few weeks ago. The crashing issue appears to be most prominent when users attempt to make large file transfers. In a forum post, SoftRAID described the issue as a bug and said that it is working with Apple engineers on a fix for macOS 10.15.5, or a...
Read Full Article246 comments

2020 iPad Pro Confirmed to Lack a U1 Ultra Wideband Chip

Tuesday April 7, 2020 7:52 am PDT by Eric Slivka
Last week, we laid out evidence suggesting that the just-released iPad Pro models do not contain a U1 Ultra Wideband chip, including the lack of any mention of the chip in tech specs or Apple's press materials, the absence of software support for U1 features, and more. Most tellingly, iFixit was unable to find the chip or related antennas in the device. Daring Fireball's John Gruber has follo...
Read Full Article102 comments

The New York Times, IFTTT, Medium, and Other Apps Adopt Sign in With Apple Ahead of June 30 Deadline

Sunday April 5, 2020 7:08 pm PDT by Frank McShan
Apps with sign-in functionality, including The New York Times, IFTTT, Medium, and more, have continued to adopt Apple's secure Sign in with Apple feature ahead of a deadline of June 30. The deadline for these apps to support the feature was recently extended from April 30. Sign in with Apple, first introduced in iOS 13, allows users to create accounts for apps and websites using an Apple ID. ...
Read Full Article36 comments
Mac RumorsMac Rumors

 

MacRumors attracts a broad audience of both consumers and professionals interested in the latest technologies and products. We also boast an active community focused on purchasing decisions and technical aspects of the iPhone, iPod, iPad, and Mac platforms.

Advertise on MacRumors


Our Staff

Arnold Kim
Editorial Director
EmailTwitter
Eric Slivka
Editor in Chief
EmailTwitter
Juli Clover
Senior Editor
EmailTwitter
Joe Rossignol
Editor
EmailTwitter
Marianne Schultz
Editor
EmailTwitter
Dan Barbera
Video Content Producer
EmailTwitter
Mitchel Broussard
Contributing Editor
EmailTwitter
Tim Hardwick
Contributing Writer
EmailTwitter
Chris Jenkins
Contributing Writer
EmailTwitter
Steve Moser
Contributing Writer
EmailTwitter

Links

Touch Arcade
Puzzle Adventure Game htoL#NiQ: The Firefly Diary from NIS Gets a Surprise Release on iOS and Android
Out Now: ‘Beat Hazard 2’, ‘Wilderless’, ‘Sonar Smash’, ‘Tubetastic: World Splashfest’, ‘htoL#NiQ: The Firefly Diary’, ‘Bark Park!’, ‘Door Kickers: Action Squad’, ‘Another Road’ and More
Limited Time Gravity Force Mode in ‘World of Tanks Blitz’ Lets You Play with Moon Physics and Even Win Actual Land on the Surface of the Moon
SwitchArcade Round-Up: ‘Black Bird’ Goes Physical, ‘Towertale’ and Today’s Other New Releases, the Latest Sales Featuring Ubisoft Titles and More
‘Forza Street’ from Microsoft and Turn 10 Studios Launches Next Month on iOS and Android for Free
Grab ‘Furdemption’ and ‘King Rabbit – Classic’ for Free Before They’re Gone for Good with the Arrival of the New ‘King Rabbit’ this Friday
Music-Powered Dual-Stick Shooter ‘Beat Hazard 2’ Now Available on iOS and Android
SwitchArcade Round-Up: ‘Animal Crossing’ Updates, ‘GrimValor’, ‘Disaster Report 4’, and Today’s Other New Releases, the Latest Sales Including SEGA Games and More
YouTube
iPad & iPhone Apps to Keep You Entertained at Home!
Work From Home Apps,Tips, & Accessories You Should Check Out!
2020 iPhone SE Coming Soon, Apple Leaks AirTags, Apple Buys Dark Sky and More!
2020 iPad Pro vs MacBook Air - Which Should You Buy?
New Brydge Pro+ Keyboard with Trackpad for iPad Pro!
Copyright © 2000-2020 MacRumors.com, LLC.
Privacy / DMCA contact / Affiliate and FTC Disclosure
[ Featured On/Off ] [ Full Articles On/Off ] [ Fluid | Fluid HD ] [ Auto | Light | Dark ]