Home > Categories > Security Awareness & Training > Apple Rushes to Fix Zoom Security Flaw

Home > Categories > Security Awareness & Training > Research > Apple Rushes to Fix Zoom Security Flaw

Apple Rushes to Fix Zoom Security Flaw

What happened?

Apple has delivered a silent update to Macs, rectifying a security flaw in its Zoom web-conferencing service.

Security researcher Jonathan Leitschuh initially contacted Zoom on March 8, 2019 to report that a hidden web server (used to bypass user consent for automatically joining meetings) could be accessed by external users without permission, compromising webcam and voice usage.

Moreover, uninstalling Zoom did not resolve this security issue, as the hidden web server would reinstall Zoom onto the original operating system.

Source: Web Conferencing from SoftwareReviews, Report Published April 2019.

The hidden web server is now removed from all Macs through Zoom’s update. Clients can manually update Zoom through its download center, but since Zoom forced the update, manual updates may not be necessary.

Mac users who select “Always turn off my video” also have this webcam preference saved for all future calls. However, Zoom’s update does not fully account for Windows users, whose webcam may still be turned on when joining meetings automatically.

Our Take

Based on client feedback, SoftwareReviews ranks Zoom as tenth out of the 12 leading web conferencing vendors, with a composite score of 7.6/10. Having potentially compromised 750,000 companies worldwide, Zoom’s security issue could cement this ranking.

Source: Web Conferencing from SoftwareReviews, Report Published April 2019.

However, with this security issue resolved, Zoom could experience the service recovery paradox: clients will end up reporting higher satisfaction in end-user reports despite this setback. After all, SoftwareReviews lists Zoom as a leader in product innovation.

Want to Know More?

Scorecard for Zoom

Evaluate Web Conferencing Vendors

Other Recent Research in Security Awareness & Training

Security Awareness & Training

Qualys and Ivanti Partnership Boasts an Incredibly Robust Vulnerability Management Platform

Qualys VMDR and Ivanti have announced a new partnership dedicated to improving the detection and patching of vulnerabilities. Announced July 30, the Qualys and Ivanti Partnership have already gone live as an integrated component of the VMDR solution.

Security Awareness & Training

RiskSense Releases a Unified Infrastructure Security Risk Management Program

RiskSense announced on July 13 its new version of the cloud-delivered RiskSense risk management platform. The main draw of the program is its holistic risk calculation across CVEs and CWEs.

Security Awareness & Training

Address the Root of Your Vulnerabilities in a Resource-Tight Period

Cyberthreats are omnipresent for any enterprise. Monitoring ingress and egress points while still conducting business is a balance security professionals attempt to strike. Couple this with the continued security issues around remote work during the pandemic, and security teams have their hands full.

Security Awareness & Training

Kenna Security Releases Tool for the Custom Benchmarking of Vulnerability Management Programs

On May 26, Kenna Security released its new Prioritization to Prediction Benchmark Survey. This free tool provides organizations with the ability to compare their vulnerability management programs to industry averages Kenna Security has compiled over the years.