Apple issues security hot patch for Zoom security problems


Apple has updated macOS to address the recently revealed security issue with Zoom video conferencing software. Apple issued a background security fix to resolve the issue with Zoom and has since issued further updates for software affiliated with Zoom. Apple's security fix is applied without a user notification or prompt and requires no restart.

The Verge:

Apple informed us that it has sent out a silent security update to Macs to remove software that was automatically installed by RingCentral and Zhumu. These video conferencing apps both used technology from Zoom — they’re essentially white labels — and thus they also had Zoom’s security flaws. Specifically, they installed secondary pieces of software that could take commands from websites to open up your webcam in a video conference without your intervention.

The issue is that Zoom implemented a workaround for Safari so Mac users could automatically join a video call. The solution involved installing a secondary web server to facilitate calls and automatically activate the video call. While likely well-intentioned, it's a bizarre choice to foist upon its users, and it introduces an obvious and serious vulnerability. Essentially, someone could peer through your webcam without authorization. The rationale was simply so users could automatically join a conference without an extra click.

The issue was complicated further in that the web server could remain after uninstalling the conferencing software. So, while Zoom has finally decided to issue an update, the vulnerability would remain for users with no software to update. The Apple fix should resolve the issue for everyone.