Teleconferencing software Zoom’s emergency patch to fix a major flaw that could allow hackers to spy on Mac users through their webcam with zero interaction on their part wasn’t enough for Apple, who have quietly rolled out a patch of its own to address the issue.
The flaw in Zoom’s client was the result of the company’s attempt to streamline the process for users joining calls they’d been invited to by installing a local web server on their computer that bypassed security features in Apple’s Safari browser.
This local server left users vulnerable even after they had uninstalled the Zoom client.
The flaw was discovered by security researcher Jonathan Leitschuh, who detailed his findings, as well as Zoom’s sluggish response, in a post on Medium.
The Cupertino company has now moved to fix the security flaw, helping users who may be unaware of the vulnerability, weren’t in a rush to update their Zoom client, or had already uninstalled it.
Apple often quietly pushes out updates to address malware, but the latest update is a rare move to address flaws in a well-known and widely used program.
More than 750,000 businesses around the world use Zoom’s teleconferencing software.
