The vulnerability was particularly serious because Zoom had installed a hidden web server on users' computers to automatically answer incoming calls. Not only was this web server the component that could be exploited, it was also not removed when the app was deleted. As a result, users who had previously deleted Zoom might not even realize that they were still vulnerable to this potential attack.
After initially defending the decision to install a web server on users' computers to bypass changes in Safari 1
Apple has now gone a step further and released a silent macOS update that removes the web server, according to TechCrunch. The update is deployed automatically, so users do not have to apply it manually for it to take effect.
Although Zoom released a fixed version of the app on Tuesday, Apple has announced that its action will protect both previous and current users from the undocumented web server vulnerability without compromising the functionality of the Zoom app itself.
The update now prompts users to open the app, whereas previously it was opened automatically.
Zoom told TechCrunch that it was "glad to have collaborated with Apple on testing this update" and that it should solve all problems with the web server.
In a blog post, Zoom states that further action will be taken this weekend: for first-time users who select "Always turn off my video", the setting will automatically be applied by default and video will be disabled for all future meetings. In addition, Zoom will enhance its bug bounty program and its escalation process for security-related issues.