We live in a time when tech companies simply cannot afford to be slack about security concerns. And while most companies address the big stuff, it’s the small, lingering vulnerabilities that end up causing the biggest problems and need to be taken more seriously. Video conferencing provider Zoom has landed in exactly this situation: the company has had to push out an emergency patch for a zero-day vulnerability affecting Mac users that could potentially expose a live webcam feed to an attacker by launching you into a Zoom video chat you never intended to join.
Although the company has since started patching, in an interview with The Verge it explained why, when the issue was first discovered, it chose not to fix it for usability reasons, before eventually buckling to the pressure following customer outrage:
Our original position was that installing this [web server] process in order to enable users to join the meeting without having to do these extra clicks — we believe that was the right decision. And it was [at] the request of some of our customers. But we also recognize and respect the view of others that say they don’t want to have an extra process installed on their local machine. So that’s why we made the decision to remove that component.
It’s a serious issue, but sadly for the company, one it had previously deemed low risk. Even though a patch is now on its way, Apple has been forced to step in and address it properly. As TechCrunch reports, Apple is issuing a new update to remove the web server, which was designed to save Safari users an extra click, from any Mac that has Zoom’s software installed.
The issue with this web server is that even if users uninstalled the Zoom software as a result of the vulnerability, the web server stayed behind, which meant the vulnerability still existed. The only way to get rid of it properly without reinstalling an updated Zoom was for Apple to patch the problem out, which it reportedly has done in a silent update.
Zoom remains one of the most popular video conferencing tools for many, but this whole experience could easily have put people off its software, and there may be many Mac users who now won’t trust it. Yes, it may now be fixed, but the problem here is the perception of how seriously the company takes these issues. When companies don’t treat security vulnerabilities seriously, no matter how small, they are likely to find themselves in hot water. Or, in this case, deleted entirely.
Last Updated: July 12, 2019