Apple fixes major Zoom video conferencing security flaw


Zoom video conferencing for Mac
These people all know they are on a Zoom call.
Photo: Zoom

Mac users who’ve used the Zoom video conferencing application can now be assured that a serious security flaw has been dealt with. Apple pushed out a patch that removed the vulnerability from every Mac, without users needing to do anything.

Before the fix, the flaw potentially let malicious websites force people into Zoom video calls.

Zoom: You’re on camera, whether you want to be or not

Security researcher Jonathan Leitschuh recently stumbled upon a vulnerability that allowed hackers to break into a target’s Mac webcam. “Any website [could] forcibly join a user to a Zoom call, with their video camera activated, without the user’s permission,” said Leitschuh.

Zoom hastily released a fix, but it requires users to update this software.

Apple to the rescue

Apple has the power to go beyond that. Its macOS update removes a controversial web server that Zoom had installed on user’s Macs without their knowledge. This software stayed on the computer even when earlier versions of Zoom were uninstalled, and potentially could have been used by hackers to force people into video calls.

Apple’s system software update has already gone out and installed itself. It doesn’t deactivate Zoom, just that one hidden “feature.”

Source: TechCrunch



Daily round-ups or a weekly refresher, straight from Cult of Mac to your inbox.

  • The Weekender

    The week's best Apple news, reviews and how-tos from Cult of Mac, every Saturday morning. Our readers say: "Thank you guys for always posting cool stuff" -- Vaughn Nevins. "Very informative" -- Kenly Xavier.