Published: Thu, July 11, 2019

Apple updates Mac to fix faulty video conferencing app

Clicking that button means that Zoom is completely removed from the user's device, along with the user's saved settings.

Jonathan Leitschuh, the tech veteran who first spotted the problem late this March, said that the problem is caused by the way Zoom is programmed to set up meetings and video conferences. In a move that Daring Fireball's John Gruber justifiably describes as "criminal", it seems that Zoom leaves unsafe pieces of itself behind, in the form of a local web server, even after a user would have every reason to believe they've uninstalled it.

Leitschuh wrote that Zoom didn't heed his warnings for months and only implemented a partial fix at the last minute, whereas the company told ZDNet on Monday the technique was an "official resolution to a poor user experience" because of adjustments in Safari 12 (namely, a privacy protection feature that forced users to verify they actually wished to launch Zoom).

"Zoom worked with Apple to test this update, which requires no user interaction".

"This re-install 'feature' continues to work to this day".

While Zoom has now committed to releasing a patch for the vulnerability by July 11, the company has said that it has no plans to change the behaviour of running a phantom web server on users' computers, explicitly stating that it is "not a security concern".

"A very poor decision by the folks at Zoom", he added.

The good news is that Zoom has published a blog post detailing its response to this vulnerability, including a patch for its software available here.

He demonstrated that any website can open up a video-enabled call on a Mac with the Zoom app installed.

On Tuesday, Zoom released a fixed app version; however, Apple said its actions would protect users both past and present from the undocumented web server vulnerability without affecting or hindering the functionality of the Zoom app itself, the report said.

According to Apple, the automatically-deployed update removes the hidden web server, which Zoom quietly installed on users' Macs when they installed the app, TechCrunch reported on Wednesday.

However, a malicious website can exploit the web server by sending it a request for a video feed.
