According to a report by The Verge, Apple has started sending out silent updates to Macs in order to remove any insecure software that has been automatically installed by RingCentral and Zhumu, both of which used video conferencing technology from Zoom and thus also contained Zoom’s security flaws.
For those who aren’t aware, the Mac version of the Zoom app has a vulnerability that lets websites launch video calls and turn on users’ webcam without their permission.
Zoom’s partner apps not only have the same flaw but they also install some secondary software that can’t be removed even after uninstalling those apps. Hence Apple has decided to remove the offending software itself.
Last week, Apple issued its first silent patch to remove Zoom’s extra software and today’s update is essentially a part of the same effort.
“Zoom itself has been scrambling to come to the right solution for users — including an about-face on whether such an update was even necessary in the first place. It ultimately decided that it was worth the update, but couldn’t remove software for users that had uninstalled its main app, which is why Apple had to step in.”
In a recent software patch, Zoom has also added a new option to the app’s menu bar that will allow users to manually and completely uninstall the Zoom client, including the local web server.