Zack Whittaker for TechCrunch:
“Apple has released a silent update for Mac users removing a vulnerable component in Zoom, the popular video conferencing app, which allowed websites to automatically add a user to a video call without their permission.
“The Cupertino, Calif.-based tech giant told TechCrunch that the update — now released — removes the hidden web server, which Zoom quietly installed on users’ Macs when they installed the app.
“Apple said the update does not require any user interaction and is deployed automatically.”
As we noted earlier:
“A security researcher has identified an extremely serious vulnerablity in the Zoom videoconferencing system that lets any website open up a video-enabled call on a Mac with the Zoom app installed — even if you’ve previously deleted the software.”
MacDailyNews Take: Zoom said it was happy to have “worked with Apple on the update”. We say the work shouldn’t have been necessary in the first place.