Apple has pushed a quite update to Mac users to remove the webserver sneakily installed by popular video conference app Zoom. With an intent to save an extra click recently, how Zoom installed a secret local web server on Mac devices but left users vulnerable by making it possible for an attacker to hijack their webcams which were a disclosure revealed by security researcher Jonathan Leitschuh revealed. Zoom later backtracked and released a patch to remove the webserver from users' computers though defending the decision to install a web server on users' machines to work on changes that would have required users to click to accept incoming calls in Safari 12.
Apple has now taken things one step further and pushed out a silent macOS update that removes the webserver, reports TechCrunch. In order for it to take effect the update is deployed automatically, so users don't have to manually apply it.
Without affecting or hindering the functionality of the Zoom app itself, apple said its actions will protect users both past and present from the undocumented web server vulnerability.
The update will now prompt users if they want to open the app, whereas before it would open automatically. Zoom told it was "happy to have worked with Apple on testing this update" and that it should resolve all issues with the webserver.
To have a video off for all future meetings, Zoom says it will take further action this weekend by automatically having first-time users who select "Always turn off my video" default. In addition, Zoom will soon be improving its bug bounty program and security-related issue, Zoom says in a blog post.