Apple sneaks updates to remove video conferencing tool vulnerabilities from macOS


by John Beans

Apple has built the video conferencing tool ' Zoom ', which has been pointed out that the server is built on the PC without the user's permission and the camera is accessed without the user's permission to allow the user to join the video call. TechCrunch reports that they were sneaking into macOS with updates to remove Zoom's servers.

Apple has pushed a silent Mac update to remove hidden Zoom web server | TechCrunch
https://techcrunch.com/2019/07/10/apple-silent-update-zoom-app/


Apple is silently removing Zoom's web server software from Macs-The Verge
https://www.theverge.com/2019/7/10/20689644/apple-zoom-web-server-automatic-removal-silent-update-webcam-vulnerability


The vulnerability pointed out in the video conferencing tool Zoom refers to building a server and enabling a camera without the user's permission. The macOS version is designed to automatically build a server on a PC without the user's permission at the time of installation, and there was a risk that it could be automatically reinstalled even if it was uninstalled if a malicious URL was accessed. In addition, because it was possible to activate the camera without the permission of the user, it was possible to be forced to participate in the video conference without knowing.

The discovered engineer reported this vulnerability to the development company Zoom, but Zoom's response was inadequate. Therefore, the engineer announced the details of the vulnerability and how to fix it on July 9, 2019. Zoom immediately released a patch, but was criticized by many users.

A video conversation software 'Zoom' has a vulnerability where a camera is activated without user's permission-GIGAZINE


TechCrunch reports that Apple's unpublished macOS update has removed servers that were built upon Zoom installation. According to Apple's TechCrunch, the update will be delivered automatically without any user interaction, and at the time of writing the details of the update have already been published.

Although 'silent update' without a notice by Apple has so far been exemplified in anti-malware measures, it is extremely unusual to be implemented in measures for ordinary applications such as Zoom.

by John Beans

'We are happy to work with Apple to test the update,' said Priscila McCarthy, a Zoom spokeswoman, expecting that the problem of building a server on your own will be resolved soon. 'Thanks to the users who endured until we solved it.'

in Software, Posted by log1i_yk