Apple has released an update that removes a vulnerable server in Zoom that potentially gave hackers the ability to automatically add a user to a call without permission.
Zoom, the video conferencing app, had the server downloaded on Macs when users initially installed the app. Apple told TechCrunch that the update removes the hidden server from Macs, and that it is deployed automatically.
The vulnerability was exposed on July 8th, following a Medium post from security researcher, Jonathan Leitschuh. “This vulnerability allows any website to forcibly join a user to a Zoom call, with their video camera activated, without the user’s permission,” Leitschuh wrote.
The vulnerable server would still remain installed on a Mac even after a user uninstalled Zoom. Leitschuh said this meant that Zoom could reinstall the app without requiring any permission from the user.
Further, instead of opening automatically, the Zoom app will now ask users if they want to open it.
Zoom released an updated app on July 10th, but Apple says that its update is enough to protect users from previous or current issues from the server.