Apple quietly updates Macs to remove Zoom's risky web server

Jonathan Leitschuh, a Boston-based software engineer, discovered that Zoom's conferencing software could be activated on a person's computer without their consent if they visited a rigged web page or clicked a deceptive link.

Uninstalling the app did not close the worrying security flaw either, because the web server, where the vulnerability was found, was not removed during that process.

The same problem isn't apparent on Windows computers, because they handle Zoom meetings differently - without the server installation.

Zoom, feeling the pressure from heavy media coverage of the security flaw in their Mac client that allows access to a user's webcam, released a fix for the issue Tuesday afternoon.

On Tuesday afternoon, company CEO Eric Yuan told Leitschuh and other researchers that Zoom would remove the local web server functionality it was using to bypass protections in Safari and facilitate instant meeting joins.

"This does not appear to be the case, as the first meeting with the researcher about how the vulnerability would be patched occurred only 18 days before the end of the 90-day public disclosure deadline", said Keary. Additionally, you can also disable the option to automatically turn on your camera when you join a Zoom video call. Older versions of its software installed an undocumented local web server on Macs.

The communications provider also plans to introduce a new Uninstaller App for Mac to help the user easily delete both apps by this weekend.

The vulnerability impacts the Mac Zoom Client, according to Leitschuh, who explained on Medium that "any malicious website" could access a Mac's webcam without permission. "This re-install 'feature' continues to work to this day." The company said that it wanted to ensure that users were protected from the risks the web server presented.

The challenge with something like this Zoom vulnerability is that users might simply be unaware of any danger.

Zoom initially defended its decision to keep the local web server as part of its application, saying other software vendors use the same approach.

Zoom said in a statement on Wednesday that it worked with Apple to remove the web server from Macs. The move makes sense not only because many users may not open Zoom for some time, but also because many of them had uninstalled the app.

The patch will also add a button that allows users to manually uninstall Zoom.
