Zoom’s Vulnerable Mini Web Server Issue Fixed for MacOS Users
As per TechCrunch report, a silent update has recently been pushed by Apple. This update targeted countless MacOS users with a video conference tool named as “Zoom”. This update gets deployed automatically without the need of any confirmation from the users. It removes the vulnerability which is caused by a web server installed with Zoom. This mini-web server was capable of adding users to video conference without getting permission from the host.
This exploit was discovered recently by a security expert. It is said that the flaw discovered by a security expert was denied by the company, but then Apple took a bold step of releasing a fix for this vulnerability. This step was taken after this bad news got discussed over the internet and found some bad reputation for the company. This fix has totally removed this vulnerable web server from the app making it secure for its users.
It looks like Apple’s previous insight into Zoom was not enough, so another was required to remove this vulnerability with an update. This update, aimed to remove this vulnerable web server, was totally silent which is usual at Apple. It was a much needed update because of the seriousness of this vulnerability. You might be unaware of the fact that this web server was capable of restarting itself even if Zoom App has been uninstalled from the host system. It can even trigger reinstall of the app.
These mini servers such as the one found with Zoom are not uncommon. Tech related people refer to these as “launch service”. These are mostly used to ease the operation by saving them a few click by automatically triggering an operation or a their main application.
Zoom is a popular app in corporate sector and has around four million users worldwide.