In recent weeks, security researchers have revealed several vulnerabilities in Macs caused by the video conferencing app Zoom. Two other apps, RingCentral and Zhumu, which rely on Zoom technology, were also affected. Following the disclosures, Apple has been on the frontline to provide security patches that address the Zoom-related vulnerabilities.
Mac users will be happy to hear that silent Mac updates are available to address the vulnerable Zoom software because as you will soon learn, the bug exposed millions of Zoom service users to attacks from malicious websites and to gross privacy violations.
What Is the Cause of the Zoom Vulnerability?
As you are probably aware, Zoom is a video conferencing and communication app for macOS. To enable video conferencing, the app has to ask for your permission before opening the Zoom client on your computer, or at least that is what you’d expect to happen. With the Safari 12 changes that required user confirmation before joining any Zoom call, it became even harder for Zoom to automatically launch without user consent. The company, however, found a way to enable an automatic connection by installing a local host web server that could be activated by an incoming Zoom connection and without the need for user consent.
According to the app developers, this constituted a “legitimate solution a poor user experience problem.” The local web server could, however, also be used by malicious websites to join any Zoom chat forcibly and to open the webcam on your Mac.
On top of this, the vulnerability could also be used to launch a denial of service (DOS) attack on your Mac if repeated requests are made to join a Zoom chat.
Following the revelation, some users attempted to uninstall the Zoom software from their computers, but this did not in any way make them safer, given that the local web server on your machine can reinstall the Zoom app whenever it receives an incoming Zoom connection.
Apple Fixes Zoom Vulnerability
Following the disclosures, Apple was forced to release updates that removed the Zoom localhost server and the loopholes that made it possible for the app to bypass the set privacy controls. Zoom also issued updates indicating that it was working on a patch and that it intended to remove the local server that enabled the privacy violations. But with the server already installed on millions of Macs around the world, it falls to Apple to do the heavy lifting and make sure that the vulnerabilities are dealt with as swiftly as possible. Zoom, after all, is a service that is used by more than 750,000 companies worldwide and by millions of ordinary customers.
The patches issued by Apple and Zoom mean that installing Zoom no longer involves also installing a local web server on your Mac devices. There is also a new setting to save the “Always turn off my video” feature that disables video in Zoom automatically, until the user chooses to enable it manually. The Zoom patch also takes care of the vulnerabilities caused by RingCentral and Zhumu.
How to Get Apple’s Security Patches to Zoom’s Vulnerability
To get the latest security patches, you need a stable internet connection because Apple is silently pushing security updates that address the Zoom vulnerabilities. These will be installed on your Mac, and you won’t even notice.
To make the most of these updates, we recommend that you keep your computer in good health by cleaning it with a reliable Mac cleaning tool such as Outbyte MacRepair. This tool will scan your computer for malware, delete junk files, optimize RAM, and repair registry entries. Cleaning your computer this way will make it easier for the updates to take effect. Not to mention, the cleaner will also get rid or stop unwanted launchers such as the local host server that allows Zoom to launch automatically.
How to Disable the Zoom Local Host Web Server Manually
You can also disable the Zoom local server manually without installing the update. To do this, launch Terminal and type the following:
pkill ZoomOpener;rm -rf ~/.zoomus;touch ~/.zoomus &&chmod 000 ~/.zoomus;
And the type:
pkill “RingCentralOpener”;rm -rf ~/.ringcentralopener;touch ~/.ringcentralopener &&chmod 000 ~/.ringcentralopener;#
Hit Enter in both cases. This will help resolve the Zoom-related vulnerabilities on your Mac.
In summary, Zoom wanted to bypass Apple’s privacy controls that required users to consent before receiving Zoom video calls, so the company created secondary software that made it possible to bypass these security restrictions. The unintended consequences of these actions were potential DOS attacks and privacy violations.
Luckily, Apple and Zoom acted fast to prevent any of them from happening by issuing separate security updates. To get these updates, all you need is a stable internet connection. Alternatively, you can manually uninstall the secondary software (local host server) installed as part of the Zoom app.
This, of course, is not the first time that Zoom has been affected by a serious bug. A few months ago, another bug allowed malicious actors to take control of user’s screen and send messages on their behalf. Fortunately, this was also resolved.
What do you think of the Mac update released to address Zoom-related vulnerabilities? Share your thoughts in the comment section below.