Apple has announced a silent update of macOS that removes the undocumented Web server installed by the Zoom for Mac conferencing application.
The Web server accepts connections from any device connected to the same local network, a security researcher said Monday. The server continues to work even after a Mac user uninstalls Zoom. The researcher showed that users on the same network could abuse the Web server to force Macs to reinstall the conferencing application. On Tuesday, Zoom released an emergency fix in response to harsh criticism from security researchers and end users.
Apple issued an update Wednesday, a representative of the company told Ars. The update ensures removal of the Web server, even if users have uninstalled Zoom or did not install the Tuesday update. Apple delivered the silent update automatically, which means that end users received no notification and did not need to take any action.
With the Apple update, Zoom users who click on a conference link receive a prompt asking them to confirm that they wish to join the conference. Previously, clicking on a link, or even encountering a hidden link in a malicious website, automatically opened Zoom and placed the user in the conference. Zoom developers have also been criticized for this behavior, as it may surprise users and expose them to hackers.
Apple sometimes publishes silent updates to block malware that is actively circulating on the Internet. It is less common for the company to release silent updates that block or delete something installed by an app that the user installed by choice. The Apple representative said the company had taken this step to protect users from the risks associated with the Web server. The Zoom application is installed on about 4 million Macs, said researcher Jonathan Leitschuh.
Zoom representatives did not respond to an email requesting a comment for this article.