Apple is silently removing Zoom's web server software from Macs

Macos Terminal Screen Security

Macos Terminal Screen Security

"The little adhesive camera covers available by the dozens at every computer conference or for a couple dollars on Amazon are a much better solution that relying on software to do the right thing", said Bailey.

Millions of Apple Macs are vulnerable to a video conferencing software bug which allows hackers to spy on users through their computers' cameras, according to a BBC report.

But security researcher Jonathan Leitschuh recently stumbled upon something extremely concerning.

Zoom did this so users would not have to click another dialog in order to join a meeting, a convenience versus security trade off that now haunts it.

On the one hand, this simple access to video meetings is an excellent feature for Zoom users who don't want to deal with complexity before their voice calls.

That's possible in part because the Zoom app apparently installs a web server on Macs that accepts requests regular browsers wouldn't, the post said. This is where the vulnerability lies.

"Since the Zoom customer UI keeps running in the forefront upon dispatch, it would be promptly obvious to the client that they had unexpectedly joined a gathering and they could change their video settings or leave quickly", composed Farley.

Webcams have been a potential privacy vulnerability if hacked by outside actors for a while now.

Apple disables Walkie-Talkie app on Apple Watch after finding bug
The vulnerability was brought to light using Apple's own platform for reporting security issues and vulnerabilities. But an unknown flaw means that the feature obviously didn't work as intended, and could be exploited by snoopers.

Penguins F Cullen retires after 21 seasons
"I may have skated my last shift, but I'm not hanging up my skates just yet". I wouldn't trade that past year for anything.

Turkey slams European Union claim that drilling off Cyprus is illegal
In May, Ankara sent the ship Fatih into Cyprus' exclusive economic zone to begin drilling there, while the Yavuz was deployed last month to search for oil and gas to the east.

The same problem isn't apparent on Windows computers, because they handle Zoom meetings differently - without the server installation.

If a user has ever installed the Zoom client and then uninstalled it, the Mac still has a localhost web server that will re-install the Zoom client, without requiring any user interaction besides visiting a webpage. It will address the issue of video being on by default.

"It took Zoom 10 days to confirm the vulnerability", wrote Leitschuh.

But in a post on Tuesday the company conceded and said it has launched a patch removing the web servers from Mac machines. However, Leitschuh believes that this action might be too little, too late.

Leitschuh says he unveiled the weakness in March, however Zoom did not finish a fix until June.

The patch will also add a button that allows users to manually uninstall Zoom.

A Zoom spokesperson told Forbes, however, that it had begun analyzing the problem within 10 minutes of learning about it, and that the ability to have one-click access to join videoconferencing calls was meant to address poor user experiences for those running Apple's Safari 12 web browser.

Recommended News

Nos complace proporcionar esta oportunidad para compartir información, experiencias y observaciones sobre lo que está en las noticias.
Algunos de los comentarios pueden ser reimpresos en otra parte del sitio o en el periódico.
Gracias por tomarse el tiempo para ofrecer sus pensamientos.