Apple Pushes Silent macOS Update to Remove 'Secret' Zoom Web Server

Zoom is now readying an updated version of its app to fix the “video on by default” feature

Apple has released a silent macOS update to remove the controversial local Web server installed by the Zoom for Mac app. Although Zoom had released an emergency patch to remove the Web server, it seems Apple did not want to wait for users to install the patch. Being a silent update, it will automatically remove the Web server on Mac computers without any user interaction. According to a report, Zoom worked with Apple to release the silent update.

“We’re happy to have worked with Apple on testing this update,” a Zoom spokesperson told TechCrunch. “We expect the Web server issue to be resolved today. We appreciate our users’ patience as we continue to work through addressing their concerns.”

Although Apple’s action was unnecessary, it is a seamless fix and puts an end to a part of the Zoom debacle. The issue will be completely fixed when Zoom releases an updated version of its app this weekend that will start to save the video preference of its users, rather than forcing users to choose it every single time.

“With this release, first-time users who select “Always turn off my video” will automatically have their video preference saved,” Zoom CEO Eric S. Yuan said in a statement. “The selection will automatically be applied to the user’s Zoom client settings and their video will be OFF by default for all future meetings. (Returning users can update their video preferences and make video OFF by default at any time through the Zoom client settings.)”

While Apple does push silent updates to thwart known malware, it is rare for the company to take such an action against a known company. Apple told TechCrunch that it pushed the update to protect users from the risks posed by the exposed Web server.

The whole Zoom saga started earlier this week when security researcher Jonathan Leitschuh revealed that the Zoom for Mac app included a zero-day vulnerability, which could potentially allow an attacker to forcibly join a Mac user to a video call with video enabled. Leitschuh also noted that Zoom was installing a local Web server on Mac computers to sidestep a Safari feature, allowing the company or an attacker to install the Zoom app on a Mac without user interaction.


