Apple update kills off Zoom web server

Zoom is used by 750,000 companies around the world to conduct their business, including such big names as Nasdaq, the U.S. Centers for Disease Control and Prevention, the U.S. Department of Homeland Security, and the U.S. Department of Energy. The update removed a feature that quickly connected people to conference calls. According to Zoom, updating your client will now not just fix the issue, but eradicate the local web server. An Apple representative said the company took this action to protect users against dangers posed by the web server.

In a more detailed public statement, Zoom said admins and users will be able to turn off video if they configure their client video settings, and that preferences from their first Zoom meeting will be saved once they apply its July update.

Commenting on the matter, Eoin Keary, CEO and co-founder of Edgescan, said: "A vulnerability in any software is unsurprising and can be fixed with a patch prior to disclosure if the vendor addresses the issue in a timely manner".

Zoom spokesperson Priscilla McCarthy told TechCrunch: "We're happy to have worked with Apple on testing this update".

"We appreciate the hard work of the security researcher in identifying security concerns on our platform", wrote the company.

Security researcher Jonathan Leitschuh originally disclosed the vulnerability to Zoom on March 26, 2019, and his disclosure included a quick fix that could serve until the company found a better solution.

According to Leitschuh's claims earlier this week, even if Mac users uninstall the Zoom app from their system, the web server persists and can reinstall Zoom without the user's permission.

"On the one hand it took over 100 days for them to actually take this seriously and it required public outcry", Leitschuh told Wired. So that's why we made the decision to remove that component.

Of particular concern, Leitschuh found that even if a Mac user had uninstalled the Zoom client, a localhost web server would remain on the user's machine that re-installed the client without any interaction from the user beyond visiting a Web page. "This is a breach of transparency and exposes individuals who believe they don't have the software installed to attacks". It's underhanded and breaches trust boundaries.

Zoom's video conferencing app isn't some small, fly-by-night service either. A physical barrier is far superior'.