More than 750000 companies which include around 4 million users in the world, use Zoom for video conferencing. After a bug came in, where users were automatically added to the video call, Apple decided to intervene and has released a silent automatic update which does not require any action to be taken by the user. The update is for Mac users which removes the vulnerable component in Zoom.
To remove the webserver that is causing the issue, Zoom has released an emergency update of itself for all the Apple Macs. But Apple brought the update itself because it has its own concerns. It believes that some users may not be aware of the Zoom software glitch, let alone fixing it. Some people also may not open the app for a period of time or could have even uninstalled the app. What good would Zoom’s software update be able to make if it is not only in the computer? Uninstalling the Zoom app before the software update left the webserver on the computers itself.
It is only justified that Apple gets the software updated in the Mac that removes the glitch. It also would be a reasonable and easy way. Apple believes that the installation of its software update would not affect Zoom’s ability to function on Macs.
Apparently, Apple also cautioned Zoom about what was happening. Zoom spokesperson Priscilla McCarthy told: “We’re happy to have worked with Apple on testing this update. We expect the web server issue to be resolved today. We appreciate our users’ patience as we continue to work through addressing their concerns.”
Zoom’s chief information security officer, Richard Farley explained what thought went behind this Zoom’s feature – “Our original position was that installing this [web server] process in order to enable users to join the meeting without having to do these extra clicks — we believe that was the right decision. And it was [at] the request of some of our customers. But we also recognize and respect the view of others that say they don’t want to have an extra process installed on their local machine. So that’s why we made the decision to remove that component.”
There is another app though which uses similar kind of software like that of Zoom. Sean Simmons, senior director of product management at the company told that they use a launcher service that only allows bluejeans.com websites to launch the desktop app of the same. Also, if the user uninstalls the app, either on Mac or Windows, it removes the complete application. It is giving them an edge over the Zoom since privacy issues of the users are perfectly taken care of here.
The problem was first detected by security researcher Jonathan Leitschuh, which he published expressing his serious concerns over the vulnerability in the Zoom app that allows any website to open a Zoom conference call on the personal computers and that too with the webcam on without the user’s permission.