Zoom backtracks on 'legitimate solution' that left Mac webcams vulnerable to hijacking


Credit Lewis Ngugi

And now, Apple seems to have taken things a step further and pushed out a silent macOS update that removes the web server, reports TechCrunch.

"The update will now prompt users if they want to open the app, whereas before it would open automatically".

The video conferencing platform faced flak from users following a public vulnerability disclosure on Monday by software engineer Jonathan Leitschuh, who described how any website could forcibly join a user to a Zoom call, with their video camera activated, without the user's permission.

On Tuesday, Zoom said it was releasing an update that will remove the local web server to secure the system and do away with the use of the web servers moving forward.

Facepalm: Following intense pressure from the media, security community, and its users, video conferencing provider Zoom has issued an emergency patch to address a zero-day vulnerability that it previously considered "low-risk."

Millions of Apple Macs are vulnerable to a video conferencing software bug which allows hackers to spy on users through their computers' cameras, according to a BBC report.

'We're adding a new option to the Zoom menu bar that will allow users to manually and completely uninstall the Zoom client, including the local web server,' the company said.

While Zoom has now committed to releasing a patch for the vulnerability by July 11, the company has said that it has no plans to change the behaviour of running a phantom web server on users' computers, explicitly stating that it is "not a security concern".

"Zoom chose to remove the web server based on feedback from the security community and our users", it said.

This generally involves someone sending a unique link to someone over the web, which they can click to join a meeting.

"So that's why we made the decision to remove that component - despite the fact that it's going to require an extra click from Safari".

"A very poor decision by the folks at Zoom".

Older versions of its software installed an undocumented local web server on Macs.

"This was the most foolproof way to get this done so we appreciated Apple's collaboration in this matter", it says.

In an interview with the Verge, Zoom chief information security officer Richard Farley explained that the company was basing the move on "feedback" from those "following this and contributing to the discussion".

"We misjudged the situation and did not respond quickly enough - and that's on us", Yuan wrote.
