How to buy iPhone 13 now Emmys 2021: How to watch iOS 15's best features FDA panel rejects Pfizer booster plan for general public SpaceX Inspiration4 mission

Apple's stealth Mac security update removes flawed software, report says

Zoom's partner apps were also affected by a webcam security flaw, according to a security researcher.


Apple reportedly has released a Mac security update to amend a vulnerability in Zoom's partner apps.

Sarah Tew/CNET

Apple quietly rolled out a Mac security update to remove flawed software from Zoom partner apps RingCentral and Zhumu, according to a BuzzFeed News report. The update will reportedly roll out automatically but could take some time to reach all affected computers. 

RingCentral and Zhumu are videoconferencing apps that use technology from Zoom. Last week, security researcher Jonathan Leitschuh flagged a Zoom security flaw that allowed websites to join users to video calls without permission and activated Mac webcams without permission. In response, Zoom rolled out a patch in which the company completely removed the local web server on Mac devices. The feature was designed to facilitate joining meetings without extra clicks.

A report from security researcher Karan Lyons published Monday found that Zoom's flaw affected partner apps. Lyons said in a tweet Tuesday that Apple's Mac security update affects 11 apps that were vulnerable to the flaw.

In a statement, RingCentral said it "recently learned of video-on vulnerabilities in RingCentral Meetings software and we have taken immediate steps to mitigate these vulnerabilities for any customers who could be affected." As of Tuesday, the company says, it isn't aware of any customers who were affected by the vulnerabilities. It's keeping customers updated via an article on its support page, and security and engineering teams are monitoring the situation.

Last week, Apple sent out a silent update for Macs that removed a feature that quickly connected people to conference calls. The company reportedly said that measure would protect current and previous users from the vulnerability without affecting the Zoom app's functionality. As part of that update, users will now be asked if they want to open the app rather than having it open automatically. 

Apple didn't immediately respond to a request for comment. Zhumu couldn't immediately be reached for comment.

Originally published July 16, 1:24 p.m. PT.
Update, 2:06 p.m. PT: Adds comment from RingCentral.