Apple Fixes Zoom App Vulnerability for Mac Users with Automatic Silent Update

Apple has taken a proactive step in protecting Mac users from a vulnerability in the Zoom video conferencing app, by deploying a silent update, reports TechCrunch:

Apple has released a silent update for Mac users removing a vulnerable component in Zoom, the popular video conferencing app, which allowed websites to automatically add a user to a video call without their permission.

The Cupertino, Calif.-based tech giant told TechCrunch that the update — now released — removes the hidden web server, which Zoom  quietly installed on users’ Macs when they installed the app.

Apple said the update does not require any user interaction and is deployed automatically.

According to Apple, the silent update will protect all existing and new users from the Zoom vulnerability, but not affect the functionality of the video conferencing app. The Apple update means launching Zoom will now prompt a user to ask if they want to open the app.

Jonathan Leitschuh discovered an undocumented web server in the Zoom app, which remained even when users uninstall the app. The security flaw allowed any website to join in on a call, without a user’s permission.

Zoom released a fix yesterday but said it was “happy to have worked with Apple” on patching the webserver vulnerability. There are over 4 million Zoom users worldwide.