Apple rolls out a silent Mac update that removes Zoom’s local web server

sotck photo of Macbook Pro
Craig Adderley/Pexels

A security researcher recently discovered that the Zoom app has a pretty troubling security flaw for those who use the app on Macs. According to a Medium post published on Monday, July 8, by security researcher Jonathan Leitschuh, the Mac version of the Zoom app has a vulnerability that lets websites launch video calls (and turn on your webcam) without your permission.

But as of Wednesday, July 10, Apple decided to address Zoom’s security issue with a solution of its own: A silent Mac update that removes a problematic localhost web server that comes with the Mac version of the popular video conferencing app, TechCrunch reports.

Zoom is well-known and used by countless companies precisely because of its ease of use. (Users can join video calls with just a shared link and a click.) But it turns out that that particular easy-to-use feature is the source of the vulnerability. According to Leitschuh’s post, the installation of the Zoom client for Mac doesn’t just come with the video calling app itself; it also comes with a localhost web server that is also installed. This local server is what allows Mac users to have one-click access to a Zoom video call. But as Leitschuh notes, the local server feature “really hadn’t been implemented securely.”

In fact, the server is so vulnerable that it allows other, potentially malicious websites, access to Mac webcams to “forcibly join a user to a Zoom call” and turn on their webcams without permission. In addition, the server’s security flaw (for older versions of Zoom) also would have let websites complete a DoS (Denial of Service) attack on Macs “by repeatedly joining a user to an invalid call.” Leitschuh also noted that the DoS security flaw was patched in version 4.4.2 of the Zoom client.

Users can’t just uninstall Zoom to fix the problem either. Leitschuh’s report also mentioned that the local web server stays on your Mac even after uninstalling Zoom. Plus, that server can still reinstall Zoom without your permission. And it appears, at least according to Leitschuh’s version of events, that Zoom, while aware of the flaw, hadn’t fully fixed the security issue at the time.

Zoom initially said it wouldn’t fix the issue, but eventually said it would release a patch Tuesday that would eliminate the bug, according to Wired.

Despite Zoom’s newly released patch, Apple has now provided its own fix for Zoom’s webcam security issue. According to TechCrunch, the (automatic) silent Mac update is expected to remove the local server that had been installed along with Zoom’s video conferencing app. The silent update will also contain a feature that asks Mac users if they want to open the Zoom app, instead of just opening the app automatically.

Apple shed a little light on the reasoning behind the creation of this silent Mac update and telling TechCrunch that the update was intended to help protect past and present users of the Zoom app for Mac from the app’s vulnerability while preserving the functionality of the app.

Updated on July 11, 2019: Apple released a Mac update that removes Zoom’s local web server.


Worried about how FaceApp is using your photos? Here’s how to delete your data

Are you concerned about your privacy with FaceApp? If so, you might want to delete your data from the app. The app has come under fire for its terms of service and privacy policies that it can use your face photos in any way it wants to. 

Use one of these password managers to help protect yourself online

The internet can be a scary place, especially if you don't have a proper password manager. This guide will show you the best password managers you can get right now, including both premium and free options.
Smart Home

Keep a watch on your front porch with the best video doorbells for 2019

When it comes to knowing who's at your door before you actually open it, there's nothing better than a video doorbell. Plus, you can "answer" the door even if you're not home. Here are some of our favorites.

Don't pay for that app! These top-notch screen recorders are absolutely free

Our list of the best free screen recorders showcases some of the top apps for capturing video on your computer - without paying for the feature. Whether you're in a business or on your own, take a look at the these options.

Slack is resetting user passwords in response to a 2015 data breach

In response to recently discovered information regarding a 2015 data breach, collaboration software company Slack will be resetting the passwords of some of its user accounts beginning July 18.

Is your PC slow? Here's how to restore Windows 10 to factory settings

Computers rarely work as well after they accumulate files and misconfigure settings. Thankfully, with this guide, you'll be able to restore your PC to its original state by learning how to factory reset Windows.

Nvidia’s RTX shows how Neil Armstrong would appear if Apollo 11 landed today

If the grainy images captured on the moon in 1969 by Neil Armstrong and Buzz Aldrin were taken today, we now know what they'd look like, thanks to Nvidia, which used ray tracing technology to remaster these stunning shots.

Lose the key for your favorite software? These handy tools can find it for you

Missing product keys getting you down? We've chosen some of the best software license and product key finders in existence, so you can locate and document your precious keys on your Windows or MacOS machine.

Amazon Prime Day deals are ending, but you can still get great bargains

Prime Day 2019 has come to an end for Amazon, but that doesn't mean the Prime Day deals are over. With deals from Walmart, Best Buy, and Amazon still going on, this massive shopping event is continuing on through the week.

Walmart extends Prime Day sale into Sunday: 4K TV, Apple, and Smart Watch deals

Prime Day 2019 has come to an end for Amazon, but that doesn't mean the deals are over. Walmart's Prime Day sale has been extended into the weekend. With 4K TVs, Apple Watches, and Nintendo Switch deals, there are great savings.

A PC anyone can build: The 2018 Kano computer kit is the cheapest it’s ever been

The pocket-sized Raspberry Pi is a dream toy for tinkerers, coders, do-it-yourselfers, and even kids, and the Kano computer kit (a perfect gift for any budding tech enthusiast) is now on sale from Amazon for the lowest price we’ve seen.

AMD is leaving Intel in the dust on die size, with no 7nm Intel chips until 2021

Intel CEO Bob Swan revealed this week at Brainstorm Tech 2019 that Intel will not begin producing chips with 7nm fabrication until 2021. This news comes only two months after Intel's Computex 2019 keynote unveiled 10nm chips for the first…
Small Business

Norton vs McAfee: Which Antivirus software is best for your small business?

Effective antivirus software is essential within a small business environment. With Norton and McAfee the biggest names in the business, we take a look at what's best for your company.

Walmart slashes $70 off the Acer Chromebook Spin 11 for summer clearance sale

Need a laptop that you’ll just use primarily for web browsing? Buy a Chromebook. Chromebooks are cheaper alternatives to normal laptops, like the Acer Chromebook Spin 11. It's available on Walmart for only $229, which is $70 less than its…