Skip to main content

Apple pushes second silent macOS update as it battles Zoom webcam hijack vulnerability

Apple is pushing yet another silent update to macOS to resolve the Mac webcam hijack vulnerability in RingCentral and Zhumu. These two apps are powered by Zoom, and it was discovered this week that they are also susceptible to the same web server vulnerability as Zoom.

When the Zoom vulnerability was first discovered last week, Apple pushed a silent macOS update to remove the web server. Now, The Verge reports that Apple has deployed another silent security update to remove web servers installed by RingCentral and Zhumu. Like the update pushed last week, this one does not require any user interaction to install.

Earlier today, we explained that because RingCentral and Zhumu use the same underlying code as Zoom, they also installed their own web server in macOS. This web server makes it easy for users to join meetings with one click, but it also leaves users susceptible to have their webcam and microphone hijacked.

Unfortunately, RingCentral and Zhumu aren’t the only video conferencing apps that use Zoom’s code. Apple says that it hopes to patch the vulnerability for all of Zoom’s partner apps in the coming days.

Essentially, even when users uninstall video conferencing apps like Zoom, RingCentral, and Zhumu, the web server persists. This means that users without the app installed won’t get the updates deployed by the companies themselves, yet still have the vulnerable web server on their Mac. This is why Apple has stepped in to remove the web servers completely.

Last week, Apple noted that it “often pushes silent signature updates to Macs” to remove known malware, but that it rarely publicly takes action against a known app. Issues like these will only increase the prevalence of physical web cam covers.

Read more: 

FTC: We use income earning auto affiliate links. More.

Hyper Prime deals
You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Subscribe to 9to5Mac on YouTube for more Apple news:

Comments

Author

Avatar for Chance Miller Chance Miller

Chance is the editor-in-chief of 9to5Mac, overseeing the entire site’s operations. He also hosts the 9to5Mac Daily and 9to5Mac Happy Hour podcasts.

You can send tips, questions, and typos to chance@9to5mac.com.

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications