Posted by:
Date: Thursday, July 11th, 2019, 03:12
Category: Apple, Mac, News, privacy, security, Software, Uncategorized

There are times when companies annoy Apple.

This is one of those times.

Responding to controversy surrounding Zoom, the popular vide conferencing app that allowed websites to automatically add a user to a video call without their permission, Apple has released a silent update to the issue.

The update, in turn, removes the hidden web server, which Zoom had quietly installed on users’ Macs upon installing the app.

Apple has stated that the update does not require any user interaction and is deployed automatically.

Zoom gathered flack following a public vulnerability disclosure on Monday by Jonathan Leitschuh, in which he described how “any website [could] forcibly join a user to a Zoom call, with their video camera activated, without the user’s permission.” The undocumented web server remained installed even if a user uninstalled Zoom. Leitschuh said this allowed Zoom to reinstall the app without requiring any user interaction.

Leitschuh also released a proof-of-concept page demonstrating the vulnerability.

While Zoom released a fixed version of the app on Tuesday, Apple stated that its actions will protect users using all versions of the Zoom application from the vulnerability without hindering the functionality of the Zoom app itself.

The update will now prompt users if they want to open the app, whereas before it would open automatically.

While it’s fairly common for Apple to push silent signature updates to stop malware, it’s rare for the company to publicly take action against a known application.

Zoom spokesperson Priscilla McCarthy offered the following statement:

“We’re happy to have worked with Apple on testing this update. We expect the web server issue to be resolved today. We appreciate our users’ patience as we continue to work through addressing their concerns.”

More than four million users across 750,000 companies around the world use Zoom for video conferencing.

Stay tuned for additional details as they become available.

Via TechCrunch



Source link