Apple is known for running a tight ship on iOS but things aren’t that clear-cut on macOS. While the company does scrutinize the apps that go through its App Store, it has less control over those that are sourced elsewhere and some do get through the restrictions it places on macOS. One of the most recent high-profile cases involves the popular Zoom video conferencing software. Now Apple itself is taking action by silently removing other software that makes use of the same flawed Zoom technologies on Mac.
Zoom’s intentions may be understandable but, as they say, good intentions are not enough. For the sake of user convenience, which ultimately means more users for its platform, Zoom has put those users at risk from miscreants. It turns out that Zoom resorted to installing an insecure web server on Macs that could allow a hacker access to users’ cameras just by placing a call.
Zoom initially refused to remove the web server and then relented, but it couldn’t remove the offending software from the Macs of those who had already uninstalled the Zoom app. Apple had to step in and issue an update to do that for those affected users, and now it’s expanding its operations.
Zoom’s technology is also being used by the likes of RingCentral and Zhumu and, therefore, exposes their users to the same vulnerability. Now Apple is pushing out a silent security update that removes the web server installed by that software.
Zoom’s tactic to introduce some convenience for users was probably doomed from the start. It was, after all, designed to circumvent Apple’s security restrictions that required user consent when using third-party plugins on Safari. Apple will most likely tighten the noose on third-party apps in response to Zoom’s actions which, ironically, could make life more inconvenient, but safer, for other developers and users.