Over four million users who work for 750,000 companies all over the globe use the Zoom software for video conferencing. It’s extremely popular and, as far as everyone was concerned, quite safe. But it looks like that has never truly been the case.
On Monday, Zoom found itself in hot water after security researcher Jonathan Leitschuh revealed that any website “[could] forcibly join a user to a Zoom call, with their video camera activated, without the user’s permission”. He went on to add that even if users uninstalled Zoom, the web server it left behind was capable of reinstalling the application automatically.
Leitschuh even decided to release a proof-of-concept page that showcased the vulnerability.
When Zoom learned of the issue, it initially defended the use of such a web server but, after multiple voices raised concerns, the company eventually decided the best solution was to update its own app and remove the component completely.
“Our original position was that installing this [web server] process in order to enable users to join the meeting without having to do these extra clicks — we believe that was the right decision,” Richard Farley, Zoom Chief Information Security Officer, told The Verge. “And it was [at] the request of some of our customers. But we also recognize and respect the view of others that say they don’t want to have an extra process installed on their local machine. So that’s why we made the decision to remove that component.”
Zoom released an emergency patch yesterday that removed the troublesome web server, but Apple, it seems, was not thoroughly convinced by it.
Apple took matters into its own hands by issuing a quiet update for Macs. A quiet update is one that Macs receive without their users having to lift a finger. The update removes the web server from any Mac computer that has the Zoom software installed.
Apple is no stranger to silent updates: it usually pushes them to take care of malware that users might not be aware of, but it is very rare for the company to step in publicly and take action over an app in this manner.
Zoom spokeswoman Priscilla McCarthy, however, told TechCrunch that they are “happy to have worked with Apple on testing this update. […] We appreciate our users’ patience as we continue to work through addressing their concerns.”