Apple's stealth Mac security update removes flawed software, report says

Zoom's partner apps were also affected by a webcam security flaw, according to a security researcher.

Abrar Al-Heeti Technology Reporter

Abrar Al-Heeti is a technology reporter for CNET, with an interest in phones, streaming, internet trends, entertainment, pop culture and digital accessibility. She's also worked for CNET's video, culture and news teams. She graduated with bachelor's and master's degrees in journalism from the University of Illinois at Urbana-Champaign. Though Illinois is home, she now loves San Francisco -- steep inclines and all.

Expertise Abrar has spent her career at CNET analyzing tech trends while also writing news, reviews and commentaries across mobile, streaming and online culture. Credentials

Named a Tech Media Trailblazer by the Consumer Technology Association in 2019, a winner of SPJ NorCal's Excellence in Journalism Awards in 2022 and has three times been a finalist in the LA Press Club's National Arts & Entertainment Journalism Awards.

See full bio

Abrar Al-Heeti

July 16, 2019 1:24 p.m. PT

2 min read

027-macbook-air-2018-nyc — Apple reportedly has released a Mac security update to amend a vulnerability in Zoom's partner apps.
Sarah Tew/CNET

Apple quietly rolled out a Mac security update to remove flawed software from Zoom partner apps RingCentral and Zhumu, according to a BuzzFeed News report. The update will reportedly roll out automatically but could take some time to reach all affected computers.

RingCentral and Zhumu are videoconferencing apps that use technology from Zoom. Last week, security researcher Jonathan Leitschuh flagged a Zoom security flaw that allowed websites to join users to video calls without permission and activated Mac webcams without permission. In response, Zoom rolled out a patch in which the company completely removed the local web server on Mac devices. The feature was designed to facilitate joining meetings without extra clicks.

A report from security researcher Karan Lyons published Monday found that Zoom's flaw affected partner apps. Lyons said in a tweet Tuesday that Apple's Mac security update affects 11 apps that were vulnerable to the flaw.

MRT update 1.46 now removes vulnerable web servers for Zoom, RingCentral, Telus Meetings, BT Cloud Phone Meetings, Office Suite HD Meeting, AT&T Video Meetings, BizConf, Huihui, UMeeting, Zhumu, and Zoom CN.
— Karan Lyons (@karanlyons) July 16, 2019

In a statement, RingCentral said it "recently learned of video-on vulnerabilities in RingCentral Meetings software and we have taken immediate steps to mitigate these vulnerabilities for any customers who could be affected." As of Tuesday, the company says, it isn't aware of any customers who were affected by the vulnerabilities. It's keeping customers updated via an article on its support page, and security and engineering teams are monitoring the situation.

Last week, Apple sent out a silent update for Macs that removed a feature that quickly connected people to conference calls. The company reportedly said that measure would protect current and previous users from the vulnerability without affecting the Zoom app's functionality. As part of that update, users will now be asked if they want to open the app rather than having it open automatically.

Apple didn't immediately respond to a request for comment. Zhumu couldn't immediately be reached for comment.

Originally published July 16, 1:24 p.m. PT.
Update, 2:06 p.m. PT: Adds comment from RingCentral.

Computing Guides

Laptops

Desktops & Monitors

Computer Accessories

Photography

Tablets & E-Readers

3D Printers

Computing Coupons