After all of the drama over Zoom's use of a hidden web server on Macs, Apple itself has decided to step in, TechCrunch reports. It is issuing a silent update — meaning your Mac will get it without any interaction on your part — to remove the web server, which was designed to save Safari users an extra click, from any Mac that has Zoom's software installed.
Although Zoom itself issued an emergency patch yesterday to remove that web server, apparently Apple is concerned that enough users won't update or are unaware of the controversy in the first place that it's issuing its own patch. It makes perfect sense not only because many users may not open Zoom for some time, but also because many of them had uninstalled the app. Before Zoom's emergency update, uninstalling the app left the web server on your computer — so Zoom wouldn't have a way to uninstall it with an updated app. That means the only reasonable and easy way for those people to get this patch would be for Apple to provide it. Apple reportedly believes this software update shouldn't affect Zoom's ability to function on Macs.
basically, Apple stepped in because it knew a ton of people were still going to be vulnerable after they uninstalled Zoom but either didn't know of the vulnerability or didn't want to install the updated patched Zoom version.
— Zack Whittaker (@zackwhittaker) July 10, 2019
Apple also apparently gave Zoom a heads-up that this was happening:
Zoom spokesperson Priscilla McCarthy told TechCrunch: “We're happy to have worked with Apple on testing this update. We expect the web server issue to be resolved today. We appreciate our users' patience as we continue to work through addressing their concerns.”
This entire saga began earlier in the week when security researcher Jonathan Leitschuh published his concerns over a serious vulnerability in Zoom that could allow any website to open up a Zoom conference call on your computer automatically with the webcam on. Even if you uninstalled Zoom, the web server persisted on your machine and could even reinstall the application automatically.
In the day that followed, Zoom first defended the use of a web server that enabled this functionality, then bowed to pressure and updated its app to remove it. Speaking to The Verge yesterday, Zoom's chief information security officer, Richard Farley, explained that the company didn't really believe that there was anything wrong with its software, but it wanted to reassure everybody who disagreed:
Our original position was that installing this [web server] process in order to enable users to join the meeting without having to do these extra clicks — we believe t