Apple has reportedly released a silent update for all its Mac users, thereby removing a vulnerable component in Zoom Mac App, the popular video conferencing app, which allowed websites to automatically add a user to a video call without their permission. And now, Apple seems to have taken things a step further and pushed out a silent macOS update that removes the web server, reports TechCrunch. The update is deployed automatically, so users don’t have to manually apply it in order for it to take effect.
“Although Zoom released a fixed app version on Tuesday, Apple said its actions will protect users both past and present from the undocumented web server vulnerability without affecting or hindering the functionality of the Zoom app itself.
The update will now prompt users if they want to open the app, whereas before it would open automatically.”
Apple earlier has often pushed silent signature updates to Macs to tackle known malware, similar to an anti-malware service however, it is very rare for Apple to take action publicly against a known and popular app. Apple is pushing an update to fix a problem with an above-board developer that has over four million users. Neither Apple nor Zoom wanted to take any chances, even if the practical threat of someone using the exploit is slim.
Zoom said that it is “happy” to have worked with Apple on the update:
“Zoom spokesperson Priscilla McCarthy told TechCrunch: “We’re happy to have worked with Apple on testing this update. We expect the web server issue to be resolved today. We appreciate our users’ patience as we continue to work through addressing their concerns.”