Apple has pushed a silent update to Mac users to remove the web server sneakily installed by popular video conference app Zoom, TechCrunch reports.
Earlier this week, a disclosure by security researcher Jonathan Leitschuh revealed how Zoom installed a secret local web server on Mac devices — with an intent to save an extra click — but left users vulnerable by making it possible for an attacker to hijack their webcams.
The undocumented server remained installed on users’ devices even after Zoom was uninstalled, allowing the app to be re-installed again without their knowledge.
Zoom initially defended its decision to install the web server, stating it allowed users to join Zoom meetings with one click. But it eventually walked back and released an emergency patch to remove the local web server completely. It also acknowledged it didn’t currently have an easy way to uninstall both the client and the server.
Apple confirmed to the outlet that it did push an automatic update, and said it doesn’t require any user intervention to be installed. The tech giant noted it took this step “to protect users from the risks posed by the exposed web server.”
Zoom, for its part, said it was “happy” to have worked with Apple to resolve the issue:
Zoom spokesperson Priscilla McCarthy told TechCrunch: “We’re happy to have worked with Apple on testing this update. We expect the web server issue to be resolved today. We appreciate our users’ patience as we continue to work through addressing their concerns.”
The communications provider also plans to introduce a new Uninstaller App for Mac to help the user easily delete both apps by this weekend.
