Apple recently sent a quiet security update to the Mac users two days ago when reportedly, a security flaw enabled the Zoom web server to turn on a person’s webcam. The update ensures the removal of the feature that quickly connected users to conference calls.
Although Zoom itself issued an emergency security alert yesterday, it seems that Apple is highly concerned that not many users would update and are also unaware of the controversy in the first place. it might also be possible that many users had uninstalled the app by now, while not opening the Zoom app for some time is another case. Before Zoom’s alarming update, the web server was left on one’s computer while uninstalling the app, which did not allow Zoom for its uninstallment with an updated one. Therefore, Apple intervened into this controversy.
“Basically, Apple stepped in because it knew a ton of people were still going to be vulnerable after they uninstalled Zoom but either didn’t know of the vulnerability or didn’t want to install the updated patched Zoom version.” wrote Zack Whittaker. Moreover, Priscilla McCarthy, Zoom’s spokesperson told TechCrunch: “We’re happy to have worked with Apple on testing this update. We expect the web server issue to be resolved today. We appreciate our users’ patience as we continue to work through addressing their concerns.”
All this began when Jonathan Leitschuh, security researcher, voiced his concerns on Zoom’s security flaw which automatically opened webcam and connected users forcibly. Zoom could also reinstall itself even when uninstalled. The following day, the web server denied all the allegations and later vowed to update its app to remove it. According to The Verge, Zoom’s chief information security officer, Richard Farley, explained that the company didn’t really believe that there was anything wrong with its software, but it wanted to reassure everybody who disagreed: “Our original position was that installing this [web server] process in order to enable users to join the meeting without having to do these extra clicks — we believe that was the right decision. And it was [at] the request of some of our customers. But we also recognize and respect the view of others that say they don’t want to have an extra process installed on their local machine. So that’s why we made the decision to remove that component.”