Apple informed us that it has released a silent security update for Mac to remove software that was automatically installed by RingCentral and Zhumu. These video conferencing apps used both technologies from Zoom – they are mainly white labels – and thus they also had Zoo's security errors. In particular, they installed secondary pieces of software that could take commands from websites to open up your webcam in a video conference without you having it.
Even uninstalling these apps would not remove the secondary web server, which would mean that many users would not get software vendor updates that fix the problem. That means Apple is best positioned to remove the abusive software and that is. Apple intends to fix the problem for all Zoom partner apps.
Yesterday, these additional problems arose from further investigations to Zoob's partner apps, but the bigger problem with Zoom installing a secondary web server that could be uncertain began with zero-day disclosure July 8. Since then, Zoom itself has been scrambling to get the right solution for users ̵
Finally, it decided it was worth the update, but could not remove software for users who had uninstalled the main application. That's why Apple had to go inside. Apple issued its first audio update to remove Zoy's additional software in July 10, and today's update is essentially part of the same limitation.
The core issue stems from a change Zoom made to its video conferencing software to bypass a security update Apple had made to Safari. Safari was recently updated in such a way that it required user authentication to open a third-party application each time, and Zoom wanted to prevent users from having to cope with the extra click. It is required to install a web server that is listening for calls to open up Zoom conferences. Combine that with the fact that it was normal and easy for Zoom users to have the default setting to have video on when they joined a call, and it became possible for a malicious site with an iframe to open a video call on the Mac your with camera on.