Apple has released a silent update for Mac users in a vulnerable component in Zoom, the popular video conferencing app, which allows websites to automatically add a video call without their permission.
Calif.-based tech giant customs TechCrunch that the update – now released – removes the hidden web server, which is quietly installed on users' Macs when they installed the app.
interaction and is deployed automatically.
The video conferencing giant took the form of users following a public vulnerability disclosure on Monday by Jonathan Leitschuh, which he described as "any website [could] forcibly join a user to a Zoom call, with their video camera activated, without the user's permission. ”The undocumented web server was installed even if a user uninstalled Zoom. Search for this option Zoom to reinstall the app without requiring any user interaction
He also released a proof-of-concept page demonstrating the vulnerability.
Although Zoom released a fixed app version on Tuesday, Apple said its actions will protect users both past and present from the undocumented web server vulnerability without affecting or hindering the functionality of the Zoom app itself.
The update will now prompt users if they want to open the app, whereas before it would open automatically. Often art often often often often often often to to to to to to to but but but but The company said it pushed the update to protect users from the risks posed by the exposed web server.
Zoom spokesperson Priscilla McCarthy told TechCrunch: "We're happy to have worked with Apple on testing this update. We expect the web server issue to be resolved today. We appreciate our users' patience as we continue to work through addressing their concerns. ”
More than four million users across 750,000 companies around the world use Zoom for video conferencing.