Last week security researchers unearthed a vulnerability in Zoom video conferencing app. The vulnerability allowed others to open your webcam without an invite. Initially, Zoom downplayed the issue and later issued a patch alongside an explanation. However, the Zoom webcam vulnerability only seems to have opened a pandora’s box.
Apple informed that it has silently sent out an update to Macs to automatically remove software installed by RingCentral and Zhumu. As noted previously, simply removing the apps will not fix the vulnerability. The secondary web server will not be removed even if the software vendors fix the issue. The dire situation seems to have forced Apple to take the matters into their own hands and automatically delete the software from the macOS web servers.
The Zoom vulnerability came to light last week and Apple had pushed a silent update to remove the webserver. This time around Apple has issued yet another silent update to remove RingCentral and Zhumu. The update is completely autonomous and doesn’t need intervention. Yesterday, RingCentral and Zhumu, video conferencing apps that use Zoom’s code were found to have installed their own webservers. The makers of video conferencing app install software on webservers to allow users to join meetings with one click.
Even when users uninstall the video conferencing app, it lives on the web servers. Apple may have to issue many such updates since other apps using Zoom’s code are likely to be affected by the webcam vulnerability. The company usually issues silent updates to weed out malware, however, this is the first time it has stepped in to fix a flaw caused by a third-party app.