Apple rolls out a silent Mac update that removes Zoom’s local web server

sotck photo of Macbook Pro
Craig Adderley/Pexels

A security researcher recently discovered that the Zoom app has a pretty troubling security flaw for those who use the app on Macs. According to a Medium post published on Monday, July 8, by security researcher Jonathan Leitschuh, the Mac version of the Zoom app has a vulnerability that lets websites launch video calls (and turn on your webcam) without your permission.

But as of Wednesday, July 10, Apple decided to address Zoom’s security issue with a solution of its own: A silent Mac update that removes a problematic localhost web server that comes with the Mac version of the popular video conferencing app, TechCrunch reports.

Zoom is well-known and used by countless companies precisely because of its ease of use. (Users can join video calls with just a shared link and a click.) But it turns out that that particular easy-to-use feature is the source of the vulnerability. According to Leitschuh’s post, the installation of the Zoom client for Mac doesn’t just come with the video calling app itself; it also comes with a localhost web server that is also installed. This local server is what allows Mac users to have one-click access to a Zoom video call. But as Leitschuh notes, the local server feature “really hadn’t been implemented securely.”

In fact, the server is so vulnerable that it allows other, potentially malicious websites, access to Mac webcams to “forcibly join a user to a Zoom call” and turn on their webcams without permission. In addition, the server’s security flaw (for older versions of Zoom) also would have let websites complete a DoS (Denial of Service) attack on Macs “by repeatedly joining a user to an invalid call.” Leitschuh also noted that the DoS security flaw was patched in version 4.4.2 of the Zoom client.

Users can’t just uninstall Zoom to fix the problem either. Leitschuh’s report also mentioned that the local web server stays on your Mac even after uninstalling Zoom. Plus, that server can still reinstall Zoom without your permission. And it appears, at least according to Leitschuh’s version of events, that Zoom, while aware of the flaw, hadn’t fully fixed the security issue at the time.

Zoom initially said it wouldn’t fix the issue, but eventually said it would release a patch Tuesday that would eliminate the bug, according to Wired.

Despite Zoom’s newly released patch, Apple has now provided its own fix for Zoom’s webcam security issue. According to TechCrunch, the (automatic) silent Mac update is expected to remove the local server that had been installed along with Zoom’s video conferencing app. The silent update will also contain a feature that asks Mac users if they want to open the Zoom app, instead of just opening the app automatically.

Apple shed a little light on the reasoning behind the creation of this silent Mac update and telling TechCrunch that the update was intended to help protect past and present users of the Zoom app for Mac from the app’s vulnerability while preserving the functionality of the app.

Updated on July 11, 2019: Apple released a Mac update that removes Zoom’s local web server.

Home Theater

Why are current smart TVs still dumb enough to be hacked?

Our smart TVs can stream on-demand music and movies, and even control our smart home devices. But these features come at a cost and many of us don't even know there's a risk. Can our smart TVs be hacked and what can we do about it?
Computing

Use one of these password managers to help protect yourself online

The internet can be a scary place, especially if you don't have a proper password manager. This guide will show you the best password managers you can get right now, including both premium and free options.
News

Worried about how FaceApp is using your photos? Here’s how to delete your data

Are you concerned about your privacy with FaceApp? If so, you might want to delete your data from the app. The app has come under fire for its terms of service and privacy policies that it can use your face photos in any way it wants to. 
Smart Home

Keep a watch on your front porch with the best video doorbells for 2019

When it comes to knowing who's at your door before you actually open it, there's nothing better than a video doorbell. Plus, you can "answer" the door even if you're not home. Here are some of our favorites.
Deals

Walmart chops $175 off the 2017 10.5-inch, 64GB iPad Pro

Discounts on Apple products are hard to come by, even when it involves prior generation products. However, we've spotted a sale on 2017 iPad Pro tablet at Walmart, with some colors as much as $175 off retail.
Computing

The fabled 16-inch MacBook Pro could launch this October

Rumors have been swirling around the new 16-inch MacBook Pro, and a new report claims it could be in your hands this October. That’s not all, as the same report predicts refreshes to the MacBook Air and 13-inch MacBook Pro.
Product Review

Size matters not. Acer's Predator Orion 3000 is a pint-sized PC Vader would use

Choosing the right gaming PC can be an overwhelming decision, but thankfully that’s not the case as Acer has configured the Predator Orion 3000 with solid components, delivering competitive performance for its value.
Computing

Besides a rumored launch in October, the 16-inch MacBook Pro is a mystery

An all-new MacBook Pro is on the horizon, with Apple said to equip its new laptop with a 16-inch display and powerful processors. We’ve got everything you need to know here, from price and performance to release date and rumors.
Computing

Battle of the bezels: Can the ZenBook S13 outdo the fan-favorite XPS 13?

The Asus ZenBook S13 wants to take on the Dell XPS 13 in the tiny-bezel laptop wars. The ZenBook is fast and well-built, but does it offer enough value to take on our favorite small laptop?
Computing

Ryzen 3000 has already made huge impact, and it's only getting started

AMD's upcoming Ryzen 3000 generation of CPUs could be the most powerful processors we've ever seen, with higher core counts, greater clock speeds, and competitive pricing. Here's what we know so far.
Computing

The choice between the 13-inch and 15-inch MacBook Pros is about more than size

If you’re in the market for a new MacBook Pro, which model should you choose? Is the MacBook Pro 13 or MacBook Pro 15 the best option for you? Don’t worry, our guide will help you decide which model to go for.
Computing

Microsoft patent hints at new ways to interact with dual-screen Surface tablet

It is no secret that Microsoft has been working on a folding dual-screen Surface tablet, but now a recent patent suggests that the Surface Centarus could feature multifunction buttons.
Computing

AMD's Ryzen CPUs offer some of the best bang for the buck, but which is best?

AMD's Ryzen CPUs have had a huge impact on the PC industry, from gaming to productivity, but which ones are the best? To find out we put some of the chips through their paces and came out with some solid recommendations.
Computing

Does Equifax owe you money? Here’s how you can find out

Equifax has agreed to a settlement for its 2017 data breach that includes restitution payments and other benefits for consumers affected by the data breach. Here's what we know so far about these payments and benefits and how to claim them.