Apple Pushes Automatic Mac Software Update to Remove Vulnerable Zoom Web Server
Earlier this week, a serious vulnerability with the Zoom video conferencing app for macOS was disclosed, with attackers potentially able to hijack users' webcams.
The vulnerability was particularly notable because Zoom had installed a hidden web server on users' computers in order to allow for automatic answering of incoming calls, and that web server was not only the weak point that could be exploited, but it also was not removed upon deletion of the app. As a result, users who had previously deleted Zoom might not even realize they were vulnerable to this potential attack.
After initially defending the decision to install a web server on users' machines to work around changes in Safari 12 that would have required users to click to accept incoming calls, Zoom later backtracked and released a patch to remove the web server from users' computers.
Apple has now taken things one step further and pushed out a silent macOS update that removes the web server, reports TechCrunch. The update is deployed automatically, so users don't have to manually apply it in order for it to take effect.
Although Zoom released a fixed app version on Tuesday, Apple said its actions will protect users both past and present from the undocumented web server vulnerability without affecting or hindering the functionality of the Zoom app itself.
The update will now prompt users if they want to open the app, whereas before it would open automatically.
Zoom told TechCrunch it was "happy to have worked with Apple on testing this update" and that it should resolve all issues with the web server.
In a blog post, Zoom says it will take further action this weekend by automatically having first-time users who select "Always turn off my video" default to having video off for all future meetings. In addition, Zoom will be improving its bug bounty program and security-related issue escalation process.
Related Stories
Cellular carriers have always offered big savings on the newest iPhone models during the holidays, and Black Friday 2021 sales have now carried over into Cyber Monday as well. Right now we're tracking notable offers on the iPhone 13 and iPhone 13 Pro devices from AT&T, Verizon, and T-Mobile. For even more savings, keep an eye on older models like iPhone SE.
Note: MacRumors is an affiliate...
With Black Friday over, Cyber Monday 2021 is now in full swing and you can find many of the same sales as last week on Apple products like AirPods, Apple Pencil, and iPad Pro. In this article we're focusing on the best Cyber Monday discounts on Apple products like these and more.
Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we...
Monday November 29, 2021 7:38 am PST by
Sami FathiIn association with CIT as the financing partner, Apple has launched a new Mac Upgrade Program for small businesses and Apple business partners that allow companies to easily distribute and upgrade their fleets of MacBooks at an affordable price to all of their workers.
As outlined on CIT's website, shared by Max Weinbach, Apple Business Partners can distribute the 13-inch MacBook Pro,...
Black Friday 2021 deals are still going strong into Cyber Monday, and in this article we're tracking the best deals across Apple's AirPods lineup. Throughout the week we've been sharing the best sales for Apple devices like iPhone, Mac, and iPad, so be sure to follow us on Twitter for all of the latest Black Friday sales
Note: MacRumors is an affiliate partner with some of these vendors. When...
Apple's long-rumored augmented reality (AR) headset project is set to bear its first fruit late next year with the launch of the first device carrying a pair of processors to support its high-end capabilities, according to a new research report from noted analyst Ming-Chi Kuo seen by MacRumors.
According to Kuo, the higher-end main processor is said to be similar to the M1 chip Apple...
Our Black Friday 2021 coverage continues with the best deals you can find on MacBook Pro, MacBook Air, iMac, and Mac mini today. As with all Black Friday deals, we aren't sure how long any of these will last, and prices are always fluctuating, so if you see something you want, be sure to buy it soon.
Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and...
We started sharing deals on Apple products for Cyber Monday 2021 earlier today, and now we're tracking deals and bargains available from all of the best Apple accessory companies. Similar to Black Friday, you can expect Cyber Monday savings from Twelve South, Nomad, Belkin, Casetify, and many more.
Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and...
Top Rated Comments
I love it when Apple does this. They keep developers in check, like they did recently with Facebook. They also have a protection mechanism built into iOS that can remotely wipe rogue apps off every person’s device in the world. They’re the only company with the balls to do it and the security and privacy mindset to pull it off. May security and privacy forever be their #1 goal. Seriously, bless those beautiful engineers. They’re far from perfect, but among the best there is.
This is a disaster for Zoom. They had one of the best brands in the comms space, and they are destroying it with this “feature”’ which makes Macs vulnerable and then trying to pass this off like it’s no big deal. It’s breathtaking how tone deaf they are.
It’s despicable, and Zoom better act fast before they are dead to enterprises. No CIO/CTO will risk their career because a vendor has a slightly easier user experience.
This is company destroying stupidity and Zoom better act while they still can. Otherwise, they will be a business school case study of what not to do in a crisis.