Apple Has Pushed a Silent MacOS Update to Remove Zoom’s Hidden Web Server

Zack Whittaker, reporting for TechCrunch:

Apple has released a silent update for Mac users removing a vulnerable component in Zoom, the popular video conferencing app, which allowed websites to automatically add a user to a video call without their permission.

The Cupertino, Calif.-based tech giant told TechCrunch that the update — now released — removes the hidden web server, which Zoom quietly installed on users’ Macs when they installed the app.

Apple said the update does not require any user interaction and is deployed automatically.

That’s the end of that chapter. I forgot to mention the other day that the worst part about Zoom’s local web server is that if you deleted the Zoom app, the web server would silently reinstall the Zoom app if a website you visited requested it. That phrase I quoted yesterday, “nonconsensual technology”, really sums it up. I’ll go out on a limb and say Apple is none too pleased about this. I can’t think of a better example to explain why we — which is to say honest Mac users and developers — are stuck with ever-tightening sandbox restrictions on the Mac.

Thursday, 11 July 2019