Apple quietly updates Macs to remove Zoom's risky web server

Of particular concern, Leitschuh found that even if a Mac user had uninstalled the Zoom client, a localhost web server would remain on the user's machine and re-install the client without any interaction from the user beyond visiting a web page.

A serious new security vulnerability has been discovered in Zoom's Video Conferencing app that has left millions of Mac users exposed to a flaw that could allow any website they visit to turn on their FaceTime cameras without their permission.

The vulnerability affects Apple Macs on which Zoom video-conferencing software has been installed, although Zoom updated the software yesterday to make it harder to abuse, the report said.

But now, TechCrunch reports that Apple made a decision to step in regardless, launching a silent update for Macs that removes Zoom's web server functionality altogether.

That doesn't seem such a far-fetched idea after the researcher Leitschuh revealed that, besides allowing the Mac webcam to be remotely activated, the vulnerability in the Zoom app could also "have allowed any webpage to DOS (Denial of Service) a Mac by repeatedly joining a user to an invalid call".

Zoom spokeswoman Priscilla McCarthy, however, told TechCrunch that they are "happy to have worked with Apple on testing this update".

The local web server, which Zoom used to quietly install on user computers, improved some usability aspects of Zoom, but opened up massive potential for misuse, as first documented by security researcher Jonathan Leitschuh.

Commenting on the matter, Eoin Keary, CEO and co-founder of Edgescan, said: "A vulnerability in any software is unsurprising and can be fixed with a patch prior to disclosure if the vendor addresses the issue in a timely manner". If someone has uninstalled Zoom and clicks a meeting link, the local web server reinstalls Zoom.

Zoom did this so users would not have to click another dialog in order to join a meeting, a convenience-versus-security trade-off that now haunts it. The only goal of the update is to remove the local web server installed by the Zoom app.

According to Zoom, updating will 'remove the local web server entirely'. We've reached out to Apple regarding that question and will report if we hear more on that.

In a blog post Tuesday, Zoom said it planned to disable the web server feature, which was originally created to make it easier for users to join meetings without extra clicks.