Apple is still working to plug the holes created by a security exploit recently discovered in video conferencing app Zoom. According to The Verge, Apple quietly pushed out a security update for macOS that removes vulnerable software installed automatically by RingCenter and Zhumu — two video conferencing tools that use Zoom technology and suffer from the same security holes.
This issue first started last week, when security researchers identified a flaw in Zoom’s software that took advantage of the app’s click-to-join feature. If a person clicked a link in their web browser, they would automatically join a conference and their webcam would turn on without their explicit permission. Zoom initially claimed the flaw was a necessary workaround to allow its software to function properly with Apple’s Safari browser but has since changed its approach and has worked to address the issue.
Last week, Zoom announced that it removed access to a local web server that enabled the vulnerability. One day later, Apple, working with Zoom, released an automatic security update for macOS that addressed the issue. The company plans to continue releasing fixes for all of Zoom’s partners like RingCenter and Zhumu.