Apple informed us that it has sent a silent security update to Macs to remove software automatically installed by RingCentral and Zhumu. Both of these videoconferencing apps use Zoom's technology (they are essentially white-label versions of Zoom) and therefore share Zoom's vulnerabilities. In particular, they installed secondary software that could take commands from websites to open your webcam in a videoconference without your intervention.
Even uninstalling these apps does not remove this secondary web server, which means that many users will not receive the updates from the software vendors that resolve the issue. Apple is therefore best positioned to remove the broken software, and it is doing so. Apple intends to fix the issue for all Zoom partner apps.
These additional issues came to light yesterday through further research into Zoom's partner apps, but the bigger problem of Zoom installing a secondary web server, which could potentially be insecure, started with a zero-day disclosure on July 8th. Since then, Zoom has been trying to find the right solution for its users.
Ultimately, the company decided that an update was warranted, but it could not remove the software for users who had uninstalled the main app. That's why Apple had to step in. Apple released its first silent patch to remove Zoom's additional software in July. Today's update is essentially part of the same action.
The underlying issue stems from a change Zoom made to its videoconferencing software to work around a security update that Apple made to Safari. Safari was recently updated to require a user's approval every time it opened a third-party app, and Zoom wanted to spare users that extra click. This required installing a web server that waits for calls to open a Zoom conference. Combine this with the fact that it was common and easy for Zoom users to enable the default setting for video when joining a call, and that a malicious website with an iframe that could open a video call on your Mac camera,