Apple quietly patches Zoom flaw by yanking hidden web server

Apple and Zoom worked together on the fix, ain’t that nice

SOFTLY, SOFTLY UPDATE MAC appears to have been Apple’s response to the vulnerability in Zoom’s video conferencing software that allowed websites to pull users into video calls without their consent.

TechCrunch reports that the company quietly released an update that removes the hidden local web server the Zoom software installs on Mac machines, which was the cause of the vulnerability.

The update is being pushed out automatically, meaning Mac users don’t need to do anything to enable it and will probably not notice it’s happened. Apple does do this a fair bit, and it’s not known to make a song and a dance when it does something that messes with popular software and services.

Zoom told TechCrunch it worked with Tim Cook’s software wranglers to cook up the patch, so there’s not likely to be any bad blood between the companies.

“We’re happy to have worked with Apple on testing this update. We expect the web server issue to be resolved today. We appreciate our users’ patience as we continue to work through addressing their concerns,” Priscilla McCarthy, a Zoom spokeswoman, told TechCrunch.

Given some four million folks use Zoom across 750,000 companies, the quiet patching will go some way to keeping them safe from malicious websites that might have tried to exploit the vulnerability.

It’s worth noting that there have been no exploits of the vulnerability out in the wild, and Apple has been reasonably quick to patch the problem, something it arguably hasn’t been that hot on when it came to FaceTime snooping problems earlier this year.

While Apple’s TV ads have been touting security lately, it looks like it’s been hit with a few privacy-sapping problems of its own; case in point, it’s had to disable the Walkie-Talkie function in the Apple Watch as that was found to have a flaw that in “specific conditions” could enable users to snoop on iPhones.
