Zoom is rolling out a patch Tuesday after a security flaw allowed websites to. As part of the patch, the company will completely remove the local web server on Mac devices.
The security flaw, which security researcher Jonathan Leitschuh flagged in a Medium post on Monday, also activated Mac webcams without permission. Zoom will stop using a local web server on Macs once the Zoom client is updated.
The company will also add an option to its menu bar that lets users manually uninstall the Zoom client, including the locally installed web server — website hosting software that browsers ordinarily traverse the internet to use. After the patch is deployed, users will see a menu option saying Uninstall Zoom, which’ll completely remove Zoom from the device and a person’s saved settings, the company said.
In an earlier update Tuesday morning, Zoom said it didn’t “currently have an easy way to help a user delete both the Zoom client and also the Zoom local web server app on Mac that launches our client.” Instead, the company said, users needed to manually locate and delete those apps until it rolls out a new Uninstaller App for Mac to help them delete the apps.
The change of heart came after a response Monday that said Zoom installed the web server to make it easier to launch its videoconferencing service. Others do the same, it said in the justification it’s now abandoned.
Leitschuh tweeted about the update Tuesday, saying, “The conversation with the @zoom_us CEO in the ‘Party Chat’ was incredibly productive. It felt like an about face on their previous position on this #vulnerability. It’s really encouraging to see a CEO willing to jump into a call with a bunch of strangers to take responsibility.”
Zoom will also have a release on Friday that addresses having video on by default. The release will let first-time users who click on the “Always turn off my video” box have their video preference saved automatically. Returning users can also update their preferences using Zoom client settings so videos are off by default.