image credit: Pixabay

Apple Issues Silent Update Removing Zoom’s Hidden Server

July 11, 2019


Apple has pushed a silent update to Mac users that removes a hidden web server from Zoom users’ machines.

The Zoom web- and video-conferencing service has come under scrutiny for its handling of a zero-day bug (CVE-2019–13450) found by researcher Jonathan Leitschuh, which would allow an attacker to hijack a user’s web camera without their permission. However, the researcher also flagged a concerning persistence feature in the service: Even if users uninstalled the Zoom client, the service maintained a web-facing connection on computers via a hidden localhost web server.

Read More on Threat Post