Apple updates Mac to remove hidden web server to fix Zoom webcam exploit

Apple updates Mac to remove hidden web server to fix Zoom webcam exploit
Nasdaq is ready for the Zoom IPO, Thursday, April 18, 2019 in New York. The videoconferencing company is headquartered in San Jose, California. (AP Photo/Mark Lennihan)

Apple has released a silent update for Mac users two days after Zoom, a video conferencing app that is primarily used by businesses, encountered a serious security problem. The security flaw was discovered by a software engineer Jonathan Leitschuh on Monday after he described how the Zoom application allowed any website to forcibly join a user to a Zoom call, without the user’s permission. Basically, it could remotely turn on a person’s webcam without taking permission to the user.

Explaining the security flaw briefly, Zoom’s software introduced to install a web server on user’s computers, meant to quickly launch Zoom’s software when users click a link. This introduction turned out to be a vulnerability which was letting websites automatically add users to a video call without any permission. Apple’s ‘hidden’ update would now prompt users asking them if they want to open the app. This exploit would also allow hackers to use a website to cause an attack on a Mac by continuously asking it to join a non-existent video call and eventually turn on a Mac computer’s webcam without warning. The automatically-deployed update removes the hidden web server, which Zoom quietly installed on users’ Macs when they installed the app, TechCrunch reported on Wednesday.

Although on Tuesday, Zoom released a fixed app version but Apple said the actions would protect users both past and present from any vulnerability without obstructing the functionality of the Zoom app itself, the report said. According to recent reports, a Zoom spokesperson spoke on the matter and said that the company was happy to have worked with Apple on testing this update and expect the web server issue to be resolved soon.

Talking about the Zoom app, over four million users across 750,000 companies use Zoom video conferencing app primarily for their businesses. If you are also a Zoom application user, you should update it to the latest version to remove this security flaw which includes the quick fix patch. For security issues, you can additionally disable the option to automatically turn on your camera when you join a Zoom video call.

About the author

The TeCake Staff

A team of writers hired in the house of The TeCake, which consists of journalists with broad, deep experience in print and online writing, publication and site management, news coverage, and editorial team management.

Add Comment

Click here to post a comment

You Might Also Like