Mac users who’ve used the Zoom video conferencing application can now be assured that a serious security flaw has been dealt with. Apple pushed out a patch that removed the vulnerability from every Mac, without users needing to do anything.
Before the fix, the flaw potentially let malicious websites force people into Zoom video calls.
Zoom: You’re on camera, whether you want to be or not
Security researcher Jonathan Leitschuh recently stumbled upon a vulnerability that allowed hackers to break into a target’s Mac webcam. “Any website [could] forcibly join a user to a Zoom call, with their video camera activated, without the user’s permission,” said Leitschuh.
Zoom hastily released a fix, but it requires users to update this software.
Apple to the rescue
Apple has the power to go beyond that. Its macOS update removes a controversial web server that Zoom had installed on user’s Macs without their knowledge. This software stayed on the computer even when earlier versions of Zoom were uninstalled, and potentially could have been used by hackers to force people into video calls.
Apple’s system software update has already gone out and installed itself. It doesn’t deactivate Zoom, just that one hidden “feature.”
Source: TechCrunch