Earlier today, Zoom announced that it has rolled out a patched version of its Mac client fixing a serious vulnerability that allowed a website to automatically join a visitor to an ongoing Zoom video call. Apple, however, has taken matters into its own hands and has silently rolled out an update that removes the local Zoom web server from Macs.
The update requires no user intervention and is being installed silently on all Macs. The company says that the security update will patch the web server vulnerability without affecting the functionality of Zoom itself. Without the update, Zoom would open automatically during an incoming video call. With it, users are first shown a prompt asking whether they would like to open the app.
Zoom spokesperson Priscilla McCarthy issued a statement to TechCrunch: “We’re happy to have worked with Apple on testing this update. We expect the web server issue to be resolved today. We appreciate our users’ patience as we continue to work through addressing their concerns.”
While Zoom has already issued an update to its app to patch the vulnerability, users must install it manually. In comparison, Apple is silently rolling out its fix to all Macs, ensuring they are automatically protected from this vulnerability.
Zoom has come under a lot of criticism for the way it has handled the whole situation. Despite being made aware of this security exploit over three months ago, the company did nothing and eventually rolled out a quick fix. It was only after the exploit was made public by Jonathan Leitschuh that the company jumped into action and took the matter seriously. Even then, it defended the use of a local web server, claiming that it offered ease of use that was important for its service.