Apple Pushes Automatic Mac Software Update to Remove Vulnerable Zoom Web Server
Earlier this week, a serious vulnerability with the Zoom video conferencing app for macOS was disclosed, with attackers potentially able to hijack users' webcams.

The vulnerability was particularly notable because Zoom had installed a hidden web server on users' computers in order to allow for automatic answering of incoming calls, and that web server was not only the weak point that could be exploited, but it also was not removed upon deletion of the app. As a result, users who had previously deleted Zoom might not even realize they were vulnerable to this potential attack.
After initially defending the decision to install a web server on users' machines to work around changes in Safari 12 that would have required users to click to accept incoming calls, Zoom later backtracked and released a patch to remove the web server from users' computers.
Apple has now taken things one step further and pushed out a silent macOS update that removes the web server, reports TechCrunch. The update is deployed automatically, so users don't have to manually apply it in order for it to take effect.
Although Zoom released a fixed app version on Tuesday, Apple said its actions will protect users both past and present from the undocumented web server vulnerability without affecting or hindering the functionality of the Zoom app itself.
The update will now prompt users if they want to open the app, whereas before it would open automatically.
Zoom told TechCrunch it was "happy to have worked with Apple on testing this update" and that it should resolve all issues with the web server.
In a blog post, Zoom says it will take further action this weekend by automatically having first-time users who select "Always turn off my video" default to having video off for all future meetings. In addition, Zoom will be improving its bug bounty program and security-related issue escalation process.
Popular Stories
Apple today announced that its 34th annual Worldwide Developers Conference will take place from Monday, June 5 to Friday, June 9. Like WWDC 2020, 2021, and 2022, WWDC 2023 will be an online event for the most part, and it will be open to all developers at no cost. Subscribe to the MacRumors YouTube channel for more videos. Apple will provide online sessions and labs, which will allow...
The iPhone 15 Pro and Pro Max will use a new ultra-low energy microprocessor allowing certain features like the new capacitive solid-state buttons to remain functional even when the handset is powered off or the battery has run out, according to a source that shared details on the MacRumors forums.
CAD-based render of new solid-state buttons on iPhone 15 Pro models The source of this rumor is ...
General Motors (GM) will phase out Apple CarPlay and Android Auto in its vehicles starting this year, shifting to a built-in infotainment system co-developed with Google (via Reuters).
GM owns Buick, Cadillac, Chevrolet, and GMC in the United States. It will stop offering Apple CarPlay and Android Auto starting with the 2024 Chevrolet Blazer, which goes on sale this summer. The company plans ...
iPhone 15 Pro and iPhone 15 Pro Max models are rumored to feature a customizable Action button like the Apple Watch Ultra, according to a MacRumors forum member who leaked accurate details about the Dynamic Island on iPhone 14 Pro models last year.
The source claimed the Action button will replace the Ring/Silent switch that has been included on every iPhone model since 2007. They did not...
Following six weeks of beta testing, iOS 16.4 was released to the public this week. The software update includes a handful of new features and changes for the iPhone 8 and newer. To install an iOS update, open the Settings app on the iPhone, tap General → Software Update, and follow the on-screen instructions.
Below, we have recapped eight new features and changes added with iOS 16.4,...
With the Apple Music Classical app and an Apple Pay Later early access program now available, the list of previously-announced iOS features that have yet to launch is beginning to shrink. However, there are still a few features we are waiting for. Below, we have recapped three more iOS features that are expected to launch in 2023, including an Apple Card savings account for Daily Cash,...
Apple has again pushed back mass production of its mixed-reality headset and the device may not appear at this year's Worldwide Developers Conference (WWDC), Apple analyst Ming-Chi Kuo today said.
Apple headset concept by David Lewis and Marcus Kane In a tweet, Kuo explained that Apple "isn't very optimistic" about whether the headset will be able to create an "iPhone moment." As a result,...
Top Rated Comments
I love it when Apple does this. They keep developers in check, like they did recently with Facebook. They also have a protection mechanism built into iOS that can remotely wipe rogue apps off every person’s device in the world. They’re the only company with the balls to do it and the security and privacy mindset to pull it off. May security and privacy forever be their #1 goal. Seriously, bless those beautiful engineers. They’re far from perfect, but among the best there is.
This is a disaster for Zoom. They had one of the best brands in the comms space, and they are destroying it with this “feature”’ which makes Macs vulnerable and then trying to pass this off like it’s no big deal. It’s breathtaking how tone deaf they are.
It’s despicable, and Zoom better act fast before they are dead to enterprises. No CIO/CTO will risk their career because a vendor has a slightly easier user experience.
This is company destroying stupidity and Zoom better act while they still can. Otherwise, they will be a business school case study of what not to do in a crisis.