Latest in Gear

Image credit: AP Photo/Mark Lennihan

Zoom will remove server behind Mac webcam security hole

A patch will address the potential for snooping and flooding attacks.
185 Shares
Share
Tweet
Share
Save

Sponsored Links

AP Photo/Mark Lennihan

Zoom is acting quickly on the security flaw that let intruders hijack Mac users' webcams. The video conferencing firm is releasing a patch on July 9th (that's today, if you're reading in time) that removes access to the local web server behind the vulnerability. It'll also let you manually uninstall Zoom and remove all traces of the app so that there's no chance of an exploit later on. Another update, due for the weekend of July 12th, will also ensure that rookies who choose "always turn off my video" will automatically have their preferences honored in those situations where a meeting host would normally require that video switches on.

The company had previously defended its earlier decisions. The web server only responded to requests from the local computer, Zoom said. It argued that this was more convenient than having to confirm launching the Zoom client every time you wanted to get into a meeting. It also fixed a denial-of-service bug in May, although it didn't require an update as this was deemed a "low-risk vulnerability."

This won't be a huge issue unless you're regularly using Macs for work-related video conversations, but it promises to be a relief for the corporate crowd. It also illustrates the sheer amount of pressure to be transparent and quick about addressing security holes in the modern tech world. Researcher Jonathan Leitschuh, who discovered the flaw, noted that Zoom's newfound willingness to patch out the web service represented an "about face" -- it went from rationalizing its existing strategy to planning a fix in a matter of hours.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
185 Shares
Share
Tweet
Share
Save

Popular on Engadget

YouTube's AI docuseries with Robert Downey Jr arrives on December 18th

YouTube's AI docuseries with Robert Downey Jr arrives on December 18th

View
PC gamers: Rate and review the RTX 2060 Super or 2070 Super

PC gamers: Rate and review the RTX 2060 Super or 2070 Super

View
Google Assistant's interpreter mode is coming to iOS and Android

Google Assistant's interpreter mode is coming to iOS and Android

View
'Fortnite' adds split-screen multiplayer on PS4 and Xbox One

'Fortnite' adds split-screen multiplayer on PS4 and Xbox One

View
Mighty's iPod Shuffle for Spotify now works with Amazon Music

Mighty's iPod Shuffle for Spotify now works with Amazon Music

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr