Apple quietly saves Zoom’s …

Zack Whittaker for TechCrunch:

“Apple has released a silent update for Mac users removing a vulnerable component in Zoom, the popular video conferencing app, which allowed websites to automatically add a user to a video call without their permission.

“The Cupertino, Calif.-based tech giant told TechCrunch that the update — now released — removes the hidden web server, which Zoom quietly installed on users’ Macs when they installed the app.

“Apple said the update does not require any user interaction and is deployed automatically.”

As we noted earlier:

“A security researcher has identified an extremely serious vulnerablity in the Zoom videoconferencing system that lets any website open up a video-enabled call on a Mac with the Zoom app installed — even if you’ve previously deleted the software.”

MacDailyNews Take: Zoom said it was happy to have “worked with Apple on the update”. We say the work shouldn’t have been necessary in the first place.

7 Comments

    1. In System Preferences>Software Update>Advanced there is a check box at the bottom that gives Apple permission to auto download system and security updates. There is no reason to leave that unchecked. I don’t allow apps to auto update but I do allow the security updates from Apple.

      1. A reason to leave this unchecked: some third-party software (example — NVidia web drivers) rely on a specific version of the OS (ie, it’s tied to the version #). These security updates can change that, rendering your machine unusable until an updated driver is released. Not allowing automatic updates lets you install the patches on your own schedule.

Add Your Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.