Apple Issues Silent Update that Removes Zoom’s Hidden Server

Apple recently and silently released an update for Mac users that removes a security vulnerability in the Zoom platform. Zoom is a popular video conferencing platform, with over 4 million users across 750,000 companies around the world.

The vulnerability allowed websites to automatically add users to video conferences without their permission. Jonathan Leitschuh explained in a public vulnerability disclosure that “any website [could] forcibly join a user to a Zoom call, with their video camera activated, without the user’s permission.” Even if a user uninstalled Zoom, the undocumented web server that came with it remained installed on the computer. This allowed Zoom to be reinstalled without any user interaction or approval.

Apple’s update to resolve this issue does not require any user interaction and is deployed automatically. Zoom also released its own updated app, which should fix the vulnerability and also lets you manually uninstall Zoom completely. Apple’s update is said to protect all past and future uses of the app for its users.

With the update, users are now asked whether they want to open the application. Previously, Zoom would open automatically.
