Want CNET to notify you of price drops and the latest stories?

Apple remotely disables feature in Zoom conferencing app after webcam scare

The iPhone maker quietly sends out an update to its Mac computers to plug a potential security hole.

Ian Sherr Former Editor at Large / News
Ian Sherr (he/him/his) grew up in the San Francisco Bay Area, so he's always had a connection to the tech world. At CNET, he wrote about Apple, Microsoft, VR, video games and internet troubles. Aside from writing, he tinkers with tech at home, is a longtime fencer -- the kind with swords -- and began woodworking during the pandemic.
Ian Sherr
Enlarge Image

People typically are made fun of for covering up their webcams. But maybe not anymore.

Josh Lowensohn/CNET

Apple's sent out a quiet security update to Mac computer users two days after a security researcher detailed a security flaw in the web conferencing software maker Zoom's software that could remotely turn on a person's webcam. The update, removed a feature that quickly connected people to conference calls.

Zoom's software installs a web server on user's computers, designed to quickly launch Zoom's software when users click a link. It also re-installs Zoom's software if it's been removed. That server is what Apple's update removed, according to TechCrunch, which reported on the update earlier.

"We're happy to have worked with Apple on testing this update to resolve the web server issue. We appreciate our users' patience as we continue to work through addressing their concerns," Zoom spokesperson Priscilla Barolo told CNET, confirming the TechCrunch report. 

Apple  didn't respond to a request for comment.

The move marks the latest twist in the fallout after security researcher Jonathan Leitschuh detailed a shocking security flaw that potentially allows an attacker to turn on a Mac computer's webcam without warning.

In a blog post Tuesday, Zoom said it planned to disable the web server feature, which was originally designed to make it easier for users to join meetings without extra clicks. "We are stopping the use of a local web server on Mac devices," the company said.

Originally published at 4:40 p.m. PT
Updated at 7:20 p.m. with Zoom comment and confirmation.