Zoom’s Mac Security Problem and a Fast Response
Updated on July 11th 2:02 PM PDT
by Jim Lundy
The latest news adds to the growing story about security with Zoom video conferencing. The discovery that Zoom installs a server on Macs was a shocking revelation. This raises questions about Zoom in the enterprise and its overall focus on security.
Zoom and Mac Security Video Bug
A security researcher Jonathan Leitschuh disclosed a flaw in Zoom this week. Zoom’s Video Meeting Service on a Mac installs two apps. One of them is a localhost server that has vulnerabilities that have been partially patched. Jonathan did give Zoom time to fix this and it addressed part of it—in essence, allowing users to turn off video by default.
However, Zoom has not been good about telling clients about the local server and that it remains on a Mac even if you delete the client application. It remained open and that meant it could be accessed by anyone, anywhere: meaning you could be forced to ‘join’ a Zoom meeting and your computer camera could be turned on.
July 9th Update: Removing Mac LocalHost?
Zoom published a blog yesterday indicating that the July 9th update will remove the localhost from most Macs. While this is good, it is also a reflection that Zoom did not disclose all that it was doing with its client applications, particularly on Macs.
A Fast Recovery To A Problem That Should Not Have Existed
The fast recovery by Zoom is a tribute to its ability to move at digital speed. It had some chats online yesterday and seemed to have calmed things down. However, the storm related to Zoom and security may not be over.
Update: Did Apple Force Zoom’s hand?
One of the revelations that just surfaced is the fact that Apple forced Zoom’s hands. Apple was the firm that actually removed the Zoom Server on Macs, not Zoom. This was confirmed to TechCrunch by Apple. While it is clear that Zoom worked with Apple on this and that the removal did not affect Zoom’s client due to the update that Zoom just made, in the end, it was Apple that acted on behalf of users, not Zoom.
Collaboration and Security is Mandatory
All of this does raise other questions across the entire collaboration market. Many enterprises have trusted their providers and have signed up for a service without doing their regular security checks. While the content management market went deep into security several years ago, the collaboration market is behind.
To learn more about how to keep your meetings safe and secure, listen to my recent podcast.
Have a Comment on this?