Earlier this week, a security researcher detailed how the Zoom video conferencing app installed a hidden web server on Macs, leaving users vulnerable to having their webcams hijacked. Now, TechCrunch reports that Apple has pushed a silent update to macOS to remove that hidden web server.
Apple confirmed to TechCrunch that it did in fact push the silent update to Mac users, and that the update does not require any user interaction to install. The purpose of the update is to remove the web server installed by Zoom.
Zoom said that it installed the web server to allow users to join Zoom meetings with one click. That web server, however, is what left Zoom users vulnerable to having their web cams and microphones hijacked, as detailed by a security researcher on Monday. Zoom initially refuted several details of the claim, but it eventually back tracked and said that it would release a series of updates to the Zoom app on Mac to close the vulnerability.
Apple, however, seemingly took things into its own hands instead, in an effort to protect users. Because Zoom installed the web server, the vulnerability also affected users who had gone as far as to uninstall the Zoom app completely. This is seemingly why Apple felt the need to silently remove the web server to protect users.
Zoom said that it is “happy” to have worked with Apple on the update:
Read more about the original vulnerability here.