In order to protect the integrity of its services, Apple implicitly released a swift of an update for Mac users to remove an unguarded component in Zoom, a huge video conferencing platform, that connects websites to add users automatically to a video call even without their permission.
The update removes hidden web servers, which Zoom silently installed on users’ Macs when they availed and installed the said app.
The said update is required, though it doesn’t need any user interaction, the update is deployed automatically.
Zoom discloses from users following a public vulnerability disclosure on Monday by in which he described how
Jonathan Leitschuh, a Member of the Gradle Security Team described how “any website forcibly joins a user to a Zoom call, with their video camera activated, without the user’s permission.” A tricky side of the platform is that the web server remains installed despite a user uninstalling Zoom. Leitschuh even said that this still allows Zoom to reinstall itself even without user interaction.
“If you’ve ever installed the Zoom client and then uninstalled it, you still have a localhost web server on your machine that will happily reinstall the Zoom client for you, without requiring any user interaction on your behalf besides visiting a webpage. This re-install ‘feature’ continues to work to this day.” Leitschuh said in a statement.
Zoom tried fixing the app by releasing a version update on Tuesday. Apple said this action will protect both past and present users from the web server vulnerability without interrupting the performance of Zoom. The said update will notify and ask for its user’s permission if they would want to open the app or the other way around, so it would not open automatically.
Apple does push silent updates to its Macs to prevent known malware to break the system’s vulnerability, though it’s quite rare for Apple to perform an action publicly against a known or popular app. The company assured its users that the update is intended to protect the risks that users encounter or might encounter.
Priscilla McCarthy, Zoom spokesperson stated “We’re happy to have worked with Apple on testing this update. We expect the web server issue to be resolved today. We appreciate our users’ patience as we continue to work through addressing their concerns.”
Zoom continues improving its platform to give ease with its users.