advertisement
Forums

The Forum is sponsored by 
 

AAPL stock: Click Here

You are currently viewing the Tips and Deals forum
push it real good?!....Apple pushes 2nd update related to Zoom vulnerability....
Posted by: NewtonMP2100
Date: July 16, 2019 01:19PM
....uh.....push it good.....push it real....good......


Apple Pushes Another Automatic Mac Software Update to Address Further Zoom-Related Vulnerabilities

.....Apple today pushed a second silent security update to Macs to address further vulnerabilities related to the Zoom video conferencing app for macOS, reports The Verge.

Apple removed software that was installed by RingCentral and Zhumu, two video conferencing apps that relied on technology from Zoom and were also found to have the same vulnerabilities as Zoom earlier this week.

These two apps installed software able to respond to commands that could potentially allow websites to open up your webcam during a video conference without permission. Removing the apps did not remove the secondary software that was vulnerable to exploitation, which is also how Zoom worked.

Discovered last week, the Zoom vulnerability let a website forcibly initiate a video call on a Mac with the Zoom app installed, due to a web server that Zoom installed in the background.

When the vulnerability was first discovered, Zoom said that it used a local web server as a workaround to Safari changes that Apple introduced in Safari 12, calling it a "legitimate solution" to an otherwise "poor user experience" that allowed users to access "seamless, one-click-to-join meetings."

At issue was a new popup Apple implemented to require user approval when launching a third-party app, which Zoom wanted to avoid. Zoom did so through the aforementioned web server, which was designed to wait for calls to open up Zoom conferences automatically.

Zoom eventually released a patch to address the issue, and Apple also took the step of removing web server software that was not initially removed from the Mac when uninstalling the Zoom app. Zoom has since made it so uninstalling the Zoom app will remove the web server, and has made other changes.

Installing Zoom no longer installs a local web server on Mac devices, and there is a new setting to save the "Always turn off my video" preference that disables video in Zoom by default until it is manually enabled.

As with the original Zoom patch, the new patch for RingCentral and Zhumu is deployed automatically so that users are not required to apply it manually for it to take effect. Apple told The Verge that it plans to fix the vulnerability for all of Zoom's partner apps.



who's.....zooming......who..........?!



_____________________________________

I reject your reality and substitute my own!



Edited 1 time(s). Last edit at 07/16/2019 01:31PM by NewtonMP2100.
Options:  Reply • Quote
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 323
Record Number of Users: 52 on November 20, 2014
Record Number of Guests: 2330 on October 25, 2018