Zoom quickly fixes ‘malware-like’ macOS installer with new update

Zoom is facing a variety of privacy and security issues this week, and the company is already responding to some of them rather quickly. Software engineer Felix Seele discovered earlier this week that Zoom’s macOS installer works around Apple’s OS restrictions by using “the same tricks that are being used by macOS malware” to get its software on Macs.

This meant the Zoom app was being installed without users providing final consent, thanks to a misleading prompt that automated the install process. The discovery prompted Zoom CEO Eric S. Yuan to respond over Twitter, with a promise to improve the situation. Zoom has now issued a new update that addresses the problems revealed by Seele.

“They completely removed the preinstall stuff, so you now need to click through the installer as it ought to be,” explains Seele in a message to The Verge. The fake prompt has also been removed so users have to specifically click through and install Zoom. “I must say that I am impressed,” says Seele. “I expected them to maybe change the dialog, but since the ‘zero-click’ aspect was so important to them, I thought they would stick with the preinstall-trick.”

Zoom’s quick fix comes just two days after Zoom’s CEO responded to the findings on Twitter. Zoom is also pausing feature updates for 90 days to address a variety of security and privacy concerns that have come to light in recent days.

Security researchers and privacy advocates have raised the alarm on default settings that have allowed the “Zoombombing” phenomenon to take place, where pranksters join Zoom calls and broadcast porn or shock videos. Zoom was also forced to update its iOS app last week to remove code that sent device data to Facebook. Zoom then had to rewrite parts of its privacy policy after it was discovered that users’ personal information was susceptible to being used to target ads. User information is also reportedly being leaked because of an issue with how Zoom groups contacts.

Zoom will now spend the next three months fixing all these problems as it struggles to avoid becoming a victim of its own success. Zoom also revealed earlier today that it had 10 million daily meeting participants in December, and that figure has now grown to 200 million during the ongoing pandemic.

Originally posted: Source link

Leave a Reply

Subscribe to our newsletter

Join our monthly newsletter and never miss out on new stories and promotions.
Techhnews will use the information you provide on this form to be in touch with you and to provide updates and marketing.

You can change your mind at any time by clicking the unsubscribe link in the footer of any email you receive from us, or by contacting us at newsletter@techhnews.com. We will treat your information with respect.

%d bloggers like this: