Apple quietly pushes automatic Mac software update to remove vulnerable Zoom web server

RN is run by readers. When readers purchase through links on our blog, we might earn an affiliate commission.

Earlier this week, a serious vulnerability was reported to Apple. The vulnerability was related to the Zoom video conferencing app for MacOs. The problem was that attackers could easily hijack user’s webcams.

The vulnerability was caused due to the fact that Zoom had installed a hidden web server on user’s computers so that the app can automatically answer incoming calls. This web server was the main weak point which could be exploited by the attackers. The problem was not fixed even the app was deleted from the device. As a result, users who have removed the app previously might not have realized that they were still vulnerable to this potential attack.

After defending the decision to install a web server on user’s devices to work around changes in Safari 12 that would have required users to click to accept incoming calls, Zoom later backtracked and launched a patch in order to remove the web server from the user’s devices.

However, Apple has finally taken things in its own hands and have taken a step further. The company silently pushed a MacOS update that is designed to remove the web server. The update was deployed in users’ devices automatically. Therefore, users didn’t have to do anything manually in order to install the update.

This Tuesday, Zoom released a fixed app version. But Apple has stated that its actions will protect users both in past and present from the web server vulnerability. This will not affect or cause any problem in the functionality of the Zoom app itself.

The update is known to prompt users if they want to open the app. before it would open on its own.

As stated by Zoom to TechCrunch:

 “it was happy to have worked with Apple on testing this update”

and that it should solve all the problems with the web server.

Zoom also stated in a blog post that it will take action this coming weekend by automatically having first-time users who select “always turn off my video” default to having a video off for all future meetings.

Leave a Comment