Skip to main content

Apple rolls out a silent Mac update that removes Zoom’s local web server

sotck photo of Macbook Pro
Craig Adderley/Pexels

A security researcher recently discovered that the Zoom app has a pretty troubling security flaw for those who use the app on Macs. According to a Medium post published on Monday, July 8, by security researcher Jonathan Leitschuh, the Mac version of the Zoom app has a vulnerability that lets websites launch video calls (and turn on your webcam) without your permission.

But as of Wednesday, July 10, Apple decided to address Zoom’s security issue with a solution of its own: A silent Mac update that removes a problematic localhost web server that comes with the Mac version of the popular video conferencing app, TechCrunch reports.

Recommended Videos

Zoom is well-known and used by countless companies precisely because of its ease of use. (Users can join video calls with just a shared link and a click.) But it turns out that that particular easy-to-use feature is the source of the vulnerability. According to Leitschuh’s post, the installation of the Zoom client for Mac doesn’t just come with the video calling app itself; it also comes with a localhost web server that is also installed. This local server is what allows Mac users to have one-click access to a Zoom video call. But as Leitschuh notes, the local server feature “really hadn’t been implemented securely.”

In fact, the server is so vulnerable that it allows other, potentially malicious websites, access to Mac webcams to “forcibly join a user to a Zoom call” and turn on their webcams without permission. In addition, the server’s security flaw (for older versions of Zoom) also would have let websites complete a DoS (Denial of Service) attack on Macs “by repeatedly joining a user to an invalid call.” Leitschuh also noted that the DoS security flaw was patched in version 4.4.2 of the Zoom client.

Users can’t just uninstall Zoom to fix the problem either. Leitschuh’s report also mentioned that the local web server stays on your Mac even after uninstalling Zoom. Plus, that server can still reinstall Zoom without your permission. And it appears, at least according to Leitschuh’s version of events, that Zoom, while aware of the flaw, hadn’t fully fixed the security issue at the time.

Zoom initially said it wouldn’t fix the issue, but eventually said it would release a patch Tuesday that would eliminate the bug, according to Wired.

Despite Zoom’s newly released patch, Apple has now provided its own fix for Zoom’s webcam security issue. According to TechCrunch, the (automatic) silent Mac update is expected to remove the local server that had been installed along with Zoom’s video conferencing app. The silent update will also contain a feature that asks Mac users if they want to open the Zoom app, instead of just opening the app automatically.

Apple shed a little light on the reasoning behind the creation of this silent Mac update and telling TechCrunch that the update was intended to help protect past and present users of the Zoom app for Mac from the app’s vulnerability while preserving the functionality of the app.

Updated on July 11, 2019: Apple released a Mac update that removes Zoom’s local web server.

Anita George
Anita George has been writing for Digital Trends' Computing section since 2018. So for almost six years, Anita has written…
Apple may have stealthily confirmed the new Mac mini
The Mac mini on a wooden table.

With the Apple iPhone event now behind us, we are still waiting for official news about new Macs. We recently reported on the slew of Macs that are most likely on the way, but Apple's been silent on the matter -- until now. A stealthy line of code in the new macOS Sequoia update reveals that a new Mac mini might be in the works, and the confirmation fits right in with previous reports.

Let's start with some context. According to Bloomberg's Mark Gurman, Apple is readying a new Mac mini with the M4 and the M4 Pro chip. Aside from the chip upgrade, the 2024 Mac mini is said to be redesigned to be smaller than ever before, marking the first major change in the design of the mini PC in many years. It's said to be around the same size as an Apple TV set-top box. To that end, we've heard that Apple might remove all of the USB-A ports on the Mac mini in an effort to make the PC even thinner.

Read more
The macOS Sequoia update just launched. Here’s why you should install it
The iPhone Mirroring feature from macOS Sequoia being demonstrated at the Worldwide Developers Conference (WWDC) 2024.

The macOS Sequoia update is finally here, bringing iPhone Mirroring, Safari updates, window tiling, and the new Passwords app to Mac. As promised, there are no Apple Intelligence features in this update, but they will start rolling out from next month.

iPhone Mirroring is the most exciting thing coming with this update, allowing you to check your messages, notifications, and apps without switching devices. The feature makes a lot of sense as the one time we truly don't need our phones is when we're already using a computer. Instead of taking your hands off the keyboard to pick up your iPhone, you can simply access it on your Mac like a phone-shaped app.

Read more
Here’s why Macs were a no-show at today’s Apple event
Greg Joswiak presents the iPhone 16 Pro at Apple's 'It's Glowtime' iPhone 16 event in September 2024.

Apple’s "It’s Glowtime" event was absolutely jam-packed with new products, including the iPhone 16 range, new Apple Watches, AirPods upgrades, and more. But something was conspicuous by its absence: the Mac. Where was Apple’s computer lineup?

If you’ve been wondering why there were no updates to the Mac, as well as when we might finally see some new Mac products, you’re in the right place. Here, we’ve got everything you need to know about the lack of Macs at Apple’s iPhone event, as well as when you’ll see Mac upgrades being announced.
The iPhone event was super busy

Read more