Zoom releases Mac webcam security fix in sudden “about face”
Initially, as a security vulnerability in conferencing software Zoom was being exposed by security researcher Jonathan Leitschuh, the company was doggedly defending its position. By the end of the day, it had released one security patch with another to follow.
The company explained in a blog post that it would be releasing two patches in quick succession. The first, out now, will “remove the local web server entirely, once the Zoom client has been updated,” on Macs, meaning malicious third parties can no longer sneakily activate webcams using a Zoom link. It also allows users to “manually uninstall Zoom” including “the local web server.”
Related: Best free antivirus
The second patch, due in two days’ time, will ensure that people new to Zoom who tick the “Always turn off my video” box will have their preferences saved, and ensure that returning users have the power to do the same with an update in their client settings.
That’s quite a turnaround from the company’s original response, which was to introduce saved preferences and insist that the issue was merely a “workaround” and a “legitimate solution to a poor user experience, enabling our users to have seamless, one-click-to-join meetings, which is our key product differentiator.”
Related: Best smartphones
Indeed Leitschuh referred to it as an “about face” in a tweet praising the company’s flexibility.
The conversation with the @zoom_us CEO in the 'Party Chat' was incredibly productive. It felt like an about face on their previous position on this #vulnerability. It's really encouraging to see a CEO willing to jump into a call with a bunch of strangers to take responsibility.
— Jonathan Leitschuh (@JLLeitschuh) July 9, 2019
“Ultimately, it’s based on based on the feedback of the people that have been following this and contributing to the discussion,” Zoom’s chief information officer, Richard Farley, told The Verge. “Our original position was that installing this process in order to enable users to join the meeting without having to do these extra clicks — we believe that was the right decision. And it was the request of some of our customers.
“But we also recognise and respect the view of others that say they don’t want to have an extra process installed on their local machine. So that’s why we made the decision to remove that component — despite the fact that it’s going to require an extra click from Safari.”
Are you happy with this resolution? Let us know what you think on Twitter: @TrustedReviews.
Editorial independence
Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.
Professional conduct
We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.
Editorial independence
Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.
Professional conduct
We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.
