Technology
Apple took action to fix Zoom flaw, which proves how serious it was
Yesterday, video conferencing service Zoom released an update for its Mac client, removing the controversial web server functionality that opened up the possibility of someone launching a video call on user’s computer without permission.
But now, TechCrunch reports that Apple decided to step in regardless, launching a silent update for Macs that removes Zoom’s web server functionality altogether.
The local web server, which Zoom used to quietly install on user computers, improved some usability aspects of Zoom, but opened up massive potential for misuse, as first documented by security researcher Jonathan Leitschuh.
Apple said the update protects past and present Zoom users from the vulnerabilities found by Leitschuh, and Zoom told TechCrunch that the company is “happy to have worked with Apple” on the update.
The fact that Apple moved in with a patch that fixes a third party app — something the company very rarely does — speaks volumes. A third party app that installs a local web server on your computer without telling you, allowing such “features” as automatically reinstalling the Zoom app even after you’ve uninstalled it, is horrible for your system’s security.
And the fact that Zoom initially downplayed the vulnerabilities, calling them “low risk,” and defended its use of the hidden web server, shows the importance of the work of independent security researchers, which are often the first to disprove such claims.
In a blog post Wednesday, Zoom CEO Eric S. Yuan wrote that the company would launch a public vulnerability disclosure program in the “next few weeks.” He also wrote that the company has “taken steps to improve our process for receiving, escalating, and closing the loop on all future security-related concerns.”
-
Entertainment7 days ago
‘Only Murders in the Building’ Season 4 ending explained: Who killed Sazz and why?
-
Entertainment6 days ago
When will we have 2024 election results online?
-
Entertainment5 days ago
Halloween 2024: Weekend debates, obscure memes, and a legacy of racism
-
Entertainment6 days ago
Social media drives toxic fandom. Is there a solution?
-
Entertainment5 days ago
Is ‘The Substance’ streaming? How to watch at home
-
Entertainment5 days ago
M4 MacBook Pro vs. M3 MacBook Pro: What are the differences?
-
Entertainment3 days ago
Menendez brothers case reignites online: The questions that keep resurfacing
-
Entertainment4 days ago
‘A Real Pain’ review: Jesse Eisenberg and Kieran Culkin charm as odd-couple cousins