Apple has pushed a silent Mac update to remove hidden Zoom web server – TechCrunch


30 bookmarks. First posted by peba 7 days ago.


Apple has pushed a silent Mac update to remove hidden Zoom web server That's hilarious.
from twitter
5 days ago by jtyost2
Zack Whittaker:
<p>Apple has released a silent update for Mac users removing a vulnerable component in Zoom, the popular video conferencing app, which allowed websites to automatically add a user to a video call without their permission.

The Cupertino, Calif.-based tech giant told TechCrunch that the update — now released — removes the hidden web server, which Zoom quietly installed on users’ Macs when they installed the app.

Apple said the update does not require any user interaction and is deployed automatically.

The video conferencing giant took flack from users following a public vulnerability disclosure on Monday by Jonathan Leitschuh, in which he described how “any website [could] forcibly join a user to a Zoom call, with their video camera activated, without the user’s permission.” The undocumented web server remained installed even if a user uninstalled Zoom. Leitschuh said this allowed Zoom to reinstall the app without requiring any user interaction…

…The update will now prompt users if they want to open the app, whereas before it would open automatically.</p>
apple  mac  zoom  hacking  vulnerability 
6 days ago by charlesarthur
from Daring Fireball

Zack Whittaker, reporting for TechCrunch:

Apple has released a silent update for Mac users removing a vulnerable component in Zoom, the popular video conferencing app, which allowed websites to automatically add a user to a video call without their permission.

The Cupertino, Calif.-based tech giant told TechCrunch that the update — now released — removes the hidden web server, which Zoom quietly installed on users’ Macs when they installed the app.

Apple said the update does not require any user interaction and is deployed automatically.

That’s the end of that chapter. I forgot to mention the other day that the worst part about Zoom’s local web server is that if you deleted the Zoom app, the web server would silently reinstall the Zoom app if a website you visited requested it. That phrase I quoted yesterday, “nonconsensual technology”, really sums it up. I’ll go out on a limb and say Apple is none too pleased about this. I can’t think of a better example to explain why we — which is to say honest Mac users and developers — are stuck with ever-tightening sandbox restrictions on the Mac.

 ★ 
ifttt  daringfireball 
6 days ago by josephschmitt
Zack Whittaker, reporting for TechCrunch:

Apple has released a silent update for Mac users removing a vulnerable component in Zoom, the popular video conferencing app, which allowed websites to automatically add a user to a video call without their permission.

The Cupertino, Calif.-based tech giant told TechCrunch that the update — now released — removes the hidden web server, which Zoom quietly installed on users’ Macs when they installed the app.

Apple said the update does not require any user interaction and is deployed automatically.

That’s the end of that chapter. I forgot to mention the other day that the worst part about Zoom’s local web server is that if you deleted the Zoom app, the web server would silently reinstall the Zoom app if a website you visited requested it. That phrase I quoted yesterday, “nonconsensual technology”, really sums it up.

 ★ 
via:daringfireball 
6 days ago by rufous
This time at least, Apple has your back.
from twitter_favs
6 days ago by tamberg
Apple has pushed a silent Mac update to remove hidden Zoom web server | AAPL
from twitter
6 days ago by edelagrave
When you fuck up so bad that the OS maker has to fix your shit, you know you've done something wrong
from twitter_favs
6 days ago by mike_moran
This is a good action by Apple and much better outcome for users, after Zoom totally flubbed it
from twitter_favs
6 days ago by ichthyos
But did they?https://t.co/DDJHsv0tE9

— Jason Tucker 👨🏻‍💻📸🎙 (@jasontucker) July 11, 2019
IFTTT  Twitter 
6 days ago by abstrakone
"excuse me while i just fix your shit here" — apple
from twitter_favs
6 days ago by moroz
The Cupertino, Calif.-based tech giant told TechCrunch that the update — now released — removes the hidden web server, which Zoom quietly installed on users’ Macs when they installed the app.
mbw  727 
6 days ago by leolaporte
Clumsy, surreptitious actions like this contribute to the breakdown in trust between users and tech, and rightly so. companies’ cultures and abilities are not aligned properly or focused on the right thing
Technology 
6 days ago by fpaulus
Apple has pushed a silent Mac update to remove hidden Zoom web server via Instapaper http://social.techcrunch.com/2019/07/10/apple-silent-update-zoom-app/
IFTTT  Instapaper 
6 days ago by zhangtai
via Pocket - Apple has pushed a silent Mac update to remove hidden Zoom web server - Added July 10, 2019 at 06:16PM
IFTTT  Pocket  hacker  news:  front  page 
7 days ago by ctorstens
Apple has released a silent update for Mac users removing a vulnerable component in Zoom, the popular video conferencing app, which allowed websites to automatically add a user to a video call without their permission. The Cupertino, Calif.-based tech giant told TechCrunch that the update — now released — removes the hidden web server, which […]
7 days ago by briandrum
This is a good action by Apple and much better outcome for users, after Zoom totally flubbed it
from twitter_favs
7 days ago by carlfish
This is a good action by Apple and much better outcome for users, after Zoom totally flubbed it
from twitter_favs
7 days ago by dpwolf
Apple pushes silent Mac update to remove the hidden web server in the Zoom app that could let websites add a user to a video call without their permission
7 days ago by joeo10
Apple pushes silent Mac update to remove hidden Zoom web server
loopinsight  spike 
7 days ago by edan
RT : TechCrunch: “Apple has pushed a silent Mac update to remove hidden Zoom web server”
from twitter
7 days ago by benny
"excuse me while i just fix your shit here" — apple
from twitter_favs
7 days ago by nzadrozny
Wow. Nuclear option invoked. Way to go Apple.
from twitter_favs
7 days ago by peba