Apple removes Zoom’s dodgy hidden web server on your Mac without telling you – shows who really pwns your machine

Apple has pushed a silent update to Macs, disabling the hidden web server installed by the popular Zoom web-conferencing software.

A security researcher this week went public with his finding that the mechanism used to bypass a Safari prompt before entering a Zoom conference was a hidden local web server.

Jonathan Leitschuh focused largely on the fact that a user’s webcam would likely be ON automatically, meaning that a crafty bit of web coding would give an attacker a peek into your room if you simply visit their site.

But the presence of the web server was a more serious issue, especially since uninstalling Zoom did not remove it and the web server would reinstall the Zoom client – which is malware-like behaviour.

[…]

On 9 July the company updated its Mac app to remove the local web server “via a prompted update”.

The next day Apple itself took action, by instructing macOS’s built-in antivirus engine to remove the web server on sight from Macs. Zoom CEO Eric Yuan added on Wednesday:

Apple issued an update to ensure the Zoom web server is removed from all Macs, even if the user did not update their Zoom app or deleted it before we issued our July 9 patch. Zoom worked with Apple to test this update, which requires no user interaction.

Source: Wondering how to whack Zoom’s dodgy hidden web server on your Mac? No worries, Apple’s done it for you • The Register

Kind of scary that Apple can just go about removing software from your machine without any notification