Earlier this week, a serious vulnerability in the Zoom video conferencing application for macOS was disclosed, with attackers potentially able to hijack users’ webcams.
The vulnerability was especially notable because Zoom had installed a hidden web server on users’ computers to allow automatic answering of incoming calls. That web server was not only the weak point that could be exploited; it was also not removed when the application was deleted. As a result, users who had previously deleted Zoom may not realize they were still vulnerable to this potential attack.
After initially defending the decision to install a web server on users’ machines to work around changes in Safari 12 that would have required users to click to accept incoming calls, Zoom later backtracked and released a patch to remove the web server from users’ computers.
Apple has now taken things one step further and pushed out a silent macOS update that removes the web server, reports TechCrunch. The update is deployed automatically, so users don’t need to apply it manually for it to take effect.
Although Zoom released a fixed version of the application on Tuesday, Apple said its action will protect users both past and present from the undocumented web server vulnerability without affecting or hindering the functionality of the Zoom application itself.
The update will now prompt users to confirm whether they want to open the application, whereas before it would open automatically.
Zoom told TechCrunch it was “happy to have worked with Apple on testing this update” and that it should resolve all issues with the web server.
In a blog post, Zoom says it will take further action this weekend by automatically having first-time users who select “Always turn off my video” default to having video off for all future meetings. In addition, Zoom will improve its bug bounty program and security-related issue escalation process.