After all the drama about Zoom's use of a hidden web server on Macs, Apple itself decided to intervene TechCrunch . A silent update will be released – that is, your Mac will receive it without your intervention – to remove the Web server, which will save Safari users an additional click, from any Mac that has the zoom software installed.
Although Zoom itself yesterday released an emergency patch to remove this web server. Apparently Apple fears that not enough users will update, or is the controversy not aware that it publishes its own patch. This is not only useful because many users do not open Zoom for some time, but also because many of them have uninstalled the app. Prior to the emergency update of Zoom, uninstalling the app left the web server on your computer. Zoom can not be uninstalled with an updated app. This means that the only reasonable and easy way for these people to get this patch is for Apple to provide it. Apple is reported to believe that this software update should not affect Zoom's ability to work on Macs.
Apple was basically of the opinion that after uninstalling Zoom still a lot of people would be vulnerable, of which, however, had no knowledge vulnerability or did not want to install the updated patched zoom version.
̵1; Zack Whittaker (@zackwhittaker) July 10, 2019
Apparently, Apple Zoom also gave an indication that this happened:
Zoom spokeswoman Priscilla McCarthy said to TechCrunch : "We are glad that we tested this update together with Apple. We assume that the web server problem will be resolved today. We appreciate the patience of our users as we continue to address their concerns.
This whole saga started earlier this week when security researcher Jonathan Leitschuh published his concern about a serious vulnerability in Zoom that could allow any site to automatically open a zoom phone conference on their computer with the webcam turned on. Even if you uninstalled Zoom, the web server persisted on your computer and could even automatically reinstall the application.
The following day, Zoom initially defended the use of a Web server that made this functionality possible, and then bent down to print and update his app to remove it. In a conversation with The Verge yesterday, Richard Farley, Zoom's Chief Information Security Officer, said the company did not really believe that there was anything wrong with its software, but it wanted to reassure everyone Disagree:  Our original position was to install this [web server] process so that users can join the meeting without having to spend those extra clicks – we believe this was the right decision. And it was [at] the request of some of our customers. However, we also recognize the opinions of others and respect that they do not want to install any additional process on their local computer. That's why we decided to remove this component.
As we wrote yesterday, all attention was focused on the tactic of using a web server for additional work on your computer, but this was not the case on its own. BlueJeans, a competing videoconferencing service, said it also uses similar software, but considers it safer. Sean Simmons, senior director of product management for the company, said:
While BlueJeans is using a launch service […]we've reduced this vulnerability by allowing the bluejeans.com sites to place the BlueJeans desktop app in a meeting to start . Second, uninstalling BlueJeans on Mac or Windows completely removes the application and launch service described in the above article. We continue to review all points in the media contribution and expect to release another update shortly.
The story, excuse the pun, may go beyond this special web conferencing software and refer to other apps for that Mac. We have contacted Apple about this issue and will report it as we learn more.