The vulnerability was particularly notable because Zoom had installed a hidden Web server on users' computers to allow automatic answering of incoming calls. This web server was not only the weak point that could be exploited, but it was also not deleted application removal. Therefore, users who had previously deleted Zoom might not even realize that they were vulnerable to this potential attack.
After initially defending the decision to install a Web server on users' computers to bypass the changes in Safari 12 that would force users to click to accept incoming calls, Zoom later rolled back and released a patch to remove the web server from users' computers.
Apple has now gone one step further by providing a silent update of MacOS that removes the Web server. TechCrunch. The update is automatically deployed. Therefore, users should not apply it manually for it to take effect.
Although Zoom released Tuesday a fixed version of the application, Apple said its actions will protect past and present users from the undocumented vulnerability of the web server without affecting or impeding the features of the Zoom application. -even.
The update will now ask users if they wish to open the application, while before that, it would open automatically.
Zoom says TechCrunch he was "happy to have worked with Apple on testing this update" and on the fact that he should solve all the problems related to the web server.
In a blog post, Zoom says it will take additional action this weekend by automatically making sure that new users who select "Always turn off my video" choose to default to turning off video for all meetings at come. In addition, Zoom will enhance its premium calculation program and escalation of security issues.