Apple has released a silent update for Mac users that removes a vulnerable component of Zoom, the popular videoconferencing application. The component allowed websites to automatically add a user to a video call without their permission.
The technology giant based in Cupertino, California, told TechCrunch that the update – now released – removes the hidden Web server, which Zoom quietly installed on users' Macs when they installed the application.
Apple said that the update did not require any user interaction and that it was automatically deployed.
The videoconferencing giant was criticized by users following the public disclosure of vulnerabilities Monday by Jonathan Leitschuh, in which he described how a website could forcibly join a user to a Zoom call, with their video camera enabled, without the user's permission. The undocumented Web server remained installed even if a user uninstalled Zoom. Leitschuh said that this allowed Zoom to reinstall the application without any user intervention.
He has also released a vulnerability demo page.
Although Zoom released a fixed version of the application on Tuesday, Apple said its action will protect past and present users from the undocumented web server vulnerability without affecting or impeding the features of the Zoom application.
With the update, users will now be asked whether they wish to open the application, whereas previously it would open automatically.
Apple often pushes silent signature updates to Macs to counter known malware, much as an anti-malware service would, but it's rare for Apple to take public action against a known or popular application. The company said it launched the update to protect users from the risks posed by the exposed Web server.
Zoom spokesperson Priscilla McCarthy told TechCrunch, "We are happy to have worked with Apple to test this update. We expect the web server problem to be solved today. We value the patience of our users as we continue to work to address their concerns."
More than four million users in 750,000 companies worldwide use Zoom for video conferencing.