Apple updates Mac to fix faulty video conferencing app


On Tuesday, Zoom defended the use of the server, saying to ZDNet in a statement that it was a "legitimate solution to a poor user experience, enabling our users to have seamless, one-click-to-join meetings, which is our key product differentiator".

And uninstalling the app alone won't fix the problem.

Apple on Wednesday quietly pushed out an automatic update to Mac users to remove a localhost server created by the Zoom video conferencing app. This uninstall feature removes both the app and the web server. As discovered by Leitschuh, Zoom featured a vulnerability that allowed hackers to break into a target's Mac webcam.

That's possible in part because the Zoom app apparently installs a web server on Macs that accepts requests regular browsers wouldn't, the post said.

If you have ever installed the Zoom client on your Mac - even if you've completely uninstalled it - you're still very likely vulnerable to this massive security flaw. "We are stopping the use of a local web server on Mac devices", the company said.

So far, there have been no reports of threat actors exploiting the Zoom vulnerability, but it could affect the firm's millions of users unless they update their settings to deactivate the webcam by default.


Ultimately, the voice of users and security professionals led Zoom to decide that the risks outweighed the convenience factor provided by the local web server. The server continues to run even when a Mac user uninstalls Zoom.

This gave attackers the opportunity to put malicious code on websites that connect to the hidden web server (e.g. the Outlook web app).
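An added example, not part of the original article or Zoom's code: one way to check a Mac for processes still listening on the loopback interface after an app has been uninstalled, by parsing the output of `lsof -nP -iTCP -sTCP:LISTEN`. The sample output, process names, PIDs and ports are constructed; the article does not give the server's port or process name.

```python
import shutil
import subprocess

LOOPBACK_HOSTS = {"127.0.0.1", "[::1]", "localhost"}

# Constructed sample of `lsof -nP -iTCP -sTCP:LISTEN` output.
# Process names, PIDs and ports are made up for illustration.
SAMPLE_LSOF = """\
COMMAND       PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
ExampleSync   412 alice   4u  IPv4 0x1a2b      0t0  TCP *:49160 (LISTEN)
ExampleHelper 733 alice   6u  IPv4 0x3c4d      0t0  TCP 127.0.0.1:49200 (LISTEN)
postgres      901 alice   7u  IPv6 0x5e6f      0t0  TCP [::1]:5432 (LISTEN)
"""


def loopback_listeners(lsof_text):
    """Return (command, pid, port) for every TCP listener bound to loopback."""
    found = []
    for line in lsof_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 10 or fields[-1] != "(LISTEN)":
            continue
        # NAME column looks like 127.0.0.1:49200, [::1]:5432 or *:49160
        host, _, port = fields[-2].rpartition(":")
        if host in LOOPBACK_HOSTS:
            found.append((fields[0], int(fields[1]), int(port)))
    return found


def unexpected_listeners(lsof_text, expected_commands):
    """Loopback listeners whose command name is not one the user expects."""
    return [e for e in loopback_listeners(lsof_text)
            if e[0] not in expected_commands]


if __name__ == "__main__":
    if shutil.which("lsof"):
        text = subprocess.run(["lsof", "-nP", "-iTCP", "-sTCP:LISTEN"],
                              capture_output=True, text=True).stdout
    else:
        text = SAMPLE_LSOF  # fall back to the constructed sample
    # "postgres" stands in for services the user knowingly runs (assumption).
    for command, pid, port in unexpected_listeners(text, {"postgres"}):
        print(f"review: {command} (pid {pid}) listening on loopback port {port}")
```

A listener that belongs to an app the user believes was removed is the case the article describes; `ps -p <pid> -o comm=` shows the path of the binary behind a reported PID.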

The good news is that Zoom has published a blog post detailing its response to this vulnerability, including a patch for its software.

Prior to the update, Eoin Keary, CEO and co-founder of edgescan, told MailOnline: 'A vulnerability in any software is unsurprising and can be fixed with a patch prior to disclosure if the vendor addresses the issue in a timely manner.

"What's unfortunate, invasive and a violation of trust is when the software seems 'uninstalled' but really isn't", he added.

'This is a breach of transparency and exposes individuals who believe they don't have the software installed to attacks. It's underhanded and breaches trust boundaries.'
