Apple updates Mac to remove hidden web server to fix Zoom webcam exploit

Apple updates Mac to remove hidden web server to fix Zoom webcam exploit

Apple has released a silent update for Mac users two days after Zoom, a video conferencing app that is primarily used by businesses, encountered a serious security problem. The security flaw was discovered by a software engineer Jonathan Leitschuh on Monday after he described how the Zoom application allowed any website to forcibly join a user to a Zoom call, without the user’s permission. Basically, it could remotely turn on a person’s webcam without taking permission to the user.

Explaining the security flaw briefly, Zoom’s software introduced to install a web server on user’s computers, meant to quickly launch Zoom’s software when users click a link. This introduction turned out to be a vulnerability which was letting websites automatically add users to a video call without any permission. Apple’s ‘hidden’ update would now prompt users asking them if they want to open the app. This exploit would also allow hackers to use a website to cause an attack on a Mac by continuously asking it to join a non-existent video call and eventually turn on a Mac computer’s webcam without warning. The automatically-deployed update removes the hidden web server, which Zoom quietly installed on users’ Macs when they installed the app, TechCrunch reported on Wednesday.

Although on Tuesday, Zoom released a fixed app version but Apple said the actions would protect users both past and present from any vulnerability without obstructing the functionality of the Zoom app itself, the report said. According to recent reports, a Zoom spokesperson spoke on the matter and said that the company was happy to have worked with Apple on testing this update and expect the web server issue to be resolved soon.

Talking about the Zoom app, over four million users across 750,000 companies use Zoom video conferencing app primarily for their businesses. If you are also a Zoom application user, you should update it to the latest version to remove this security flaw which includes the quick fix patch. For security issues, you can additionally disable the option to automatically turn on your camera when you join a Zoom video call.

Leave a Comment

Scroll to Top