Apple has released an update for computers running macOS, which is installed seamlessly without user intervention. The update removes the Zoom web server from the system, a serious vulnerability in which allowed attackers to remotely start the Apple Notebook camcorder.
Zoom developer company also released a patch that stops the web server. However, Apple decided that not all users will pay attention to the update and will traditionally ignore it for at least some time.
In addition, some users could delete the application itself, but its vulnerable component remained in the system. For this reason, Apple’s patch has become the best way out.
Rustle on the eve brought a researcher in the field of IT-security, which found a vulnerability in the Zoom. It allowed Zoom video conferences to be launched remotely – all that was required was to click on the link, after which the victim’s MacBook camera was connected. Uninstalling the program did not help – the web server initiated its re-installation and launched the camera.
Zoom explained that they just wanted to make managing the program easier and remove “extra clicks”.