HACKINTOSH.ORG | Macintosh discussion forums

Macintosh News => Apple News => Topic started by: HCK on July 14, 2019, 04:05:13 pm



Title: Zoom patches Mac app to remove local server, allow uninstalls following backlash
Post by: HCK on July 14, 2019, 04:05:13 pm
Zoom patches Mac app to remove local server, allow uninstalls following backlash

<article>
   <section class="page">
<p><strong>Update 7/11:</strong> Apple has issued a silent update to macOS that removes the Zoom Mac app's localhost server.</p><p>Zoom has released a patch for its Mac app that removes a localhost web server from your Mac and allows users to manually uninstall the app from the menubar after a serious flaw was discovered. You can download the patch <a href="https://zoom.us/download?zcid=1231&amp;_ga=2.63789295.1556413281.1562777449-383885085.1555599319" rel="nofollow">here[/url].</p><p> <a href="https://medium.com/@jonathan.leitschuh/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5" rel="nofollow">In a Medium post[/url] earlier this week, security researcher Jonathan Leitschuh disclosed a vulnerability in the app that could allow a website to access your Mac’s camera without your knowledge or permission. As Leitschuh explained, the vulnerability stemmed from Zoom’s quest for simplicity. As the service works, you can just send anyone a Zoom meeting link which will in turn automatically open the Zoom client installed on their machine. In case you’ve deleted the app, Zoom keeps a localhost web server running silently on your Mac, Leitschuh said, so the Zoom client will reinstall when a link is clicked without requiring any user interaction on your behalf besides visiting a webpage.</p><p class="jumpTag"><a href="/article/3407764/zoom-mac-app-flaw-camera-patch.html#jump">To read this article in full, please click here[/url]</p></section></article>

Source: Zoom patches Mac app to remove local server, allow uninstalls following backlash (https://www.macworld.com/article/3407764/zoom-mac-app-flaw-camera-patch.html#tk.rss_all)