Apple quietly updates Macs to remove Zoom webcam exploit

Facepalm: Following intense pressure from the media, security community, and its users, video conferencing provider Zoom has issued an emergency patch to address a zero-day vulnerability that it previously considered "low-risk."

Earlier this week, a US-based security researcher named Jonathan Leitschuh publicly disclosed a major vulnerability in the Zoom video conferencing software for Apple's Mac computers that could let any website start a video-enabled call, activating the system's webcam.

Despite the mishandling of the incident, Zoom's share price has continued to rise throughout the week, sitting at $92.72 a share at the time of writing, up 2% on the day. An issue in the product's architecture involving a localhost web server means a third party could potentially join a videoconferencing call without permission.

If the Zoom client is still on your Mac, uninstall it by dragging the Zoom app from the Applications folder to the trash.

"Zoom worked with Apple to test this update, which requires no user interaction." The goal of the update is only to remove the local web server installed by the Zoom app.

In a blog post Tuesday, Zoom said it planned to disable the web server feature, which was originally created to make it easier for users to join meetings without extra clicks.

Zoom independently confirmed the vulnerability.

Zoom developers explained that the local server needs to store information about settings.

While Zoom has now committed to releasing a patch for the vulnerability by July 11, the company has said that it has no plans to change the behaviour of running a phantom web server on users' computers, explicitly stating that it is "not a security concern".

Mr Leitschuh also said in his blog that when he first discovered the flaw, he contacted Zoom to let them know of it and warned that he would take it public in 90 days if it was not resolved.

However, a malicious website can exploit the web server by sending it a request for a video feed. It seems that Zoom thinks that asking a user if they want to join a meeting is a "poor user experience".
