I think it’s safe to say that Apple is p*ssed. After the controversy surrounding Zoom and its hidden web server vulnerable to a zero day, Apple is pushing a hidden Mac update that removes it (via TechCrunch).
Removing Zoom
By “hidden update” I mean that your Mac will update automatically, so you won’t have to do anything. Over the past couple of days, a security researcher brought to light that video conferencing app Zoom suffered from a zero-day vulnerability. Malicious websites could force Zoom to open a video call without your permission, and even perform a denial of service (DoS) attack, forcing your Mac to crash. This is because Zoom runs a localhost web server on port 19421.
Zoom released a patch yesterday, and the security researcher in question, Jonathan Leitschuh, released directions to manually remove the web server. At first, Zoom defended its use of the web server, but later backtracked and removed it with an update. But now Apple is taking a stand and forcibly removing it from Macs.
Writing for BuzzFeed News, Nicole Nguyen shared a good take from security consultant Eleanor Saitta:
This is an excellent example of what my friend Deb Chachra calls ‘nonconsensual technology’. It’s a sadly common attitude among tech companies that what the user wants can be ignored on a whim.
Increasingly, Apple is positioning itself as a privacy company. Since it controls the platforms that third parties use, it often has to spank wayward companies that violate the privacy of its users. Zoom is just the latest example of a tech company putting convenience over privacy.
Maybe Apple should look for other code that can be installed and wait for an opportunity to install more INTERESTING code? Just sayin’. macOS is proven (again) to be the most vulnerable OS on the planet. Remember passwordless Root access? 12 months every Mac on the planet was wide open. Unforgivable.