Apple reportedly has released a Mac security update to amend a vulnerability in Zoom’s partner apps.


Sarah Tew/CNET

Apple quietly rolled out a Mac security update to remove flawed software from Zoom partner apps RingCentral and Zhumu, according to a BuzzFeed News report. The update will reportedly roll out automatically but could take some time to reach all affected computers. 

RingCentral and Zhumu are videoconferencing apps that use technology from Zoom. Last week, security researcher Jonathan Leitschuh flagged a Zoom security flaw that allowed websites to join users to video calls without permission and activated Mac webcams without permission. In response, Zoom rolled out a patch in which the company completely removed the local web server on Mac devices. The feature was designed to facilitate joining meetings without extra clicks.

A report from security researcher Karan Lyons published Monday found that Zoom’s flaw affected partner apps. Lyons said in a tweet Tuesday that Apple’s Mac security update affects 11 apps that were vulnerable to the flaw.

In a statement, RingCentral said it “recently learned of video-on vulnerabilities in RingCentral Meetings software and we have taken immediate steps to mitigate these vulnerabilities for any customers who could be affected.” As of Tuesday, the company says, it isn’t aware of any customers who were affected by the vulnerabilities. It’s keeping customers updated via an article on its support page, and security and engineering teams are monitoring the situation.

Last week, Apple sent out a silent update for Macs that removed a feature that quickly connected people to conference calls. The company reportedly said that measure would protect current and previous users from the vulnerability without affecting the Zoom app’s functionality. As part of that update, users will now be asked if they want to open the app rather than having it open automatically. 

Apple didn’t immediately respond to a request for comment. Zhumu couldn’t immediately be reached for comment.

Originally published July 16, 1:24 p.m. PT.
Update, 2:06 p.m. PT: Adds comment from RingCentral.

Let’s block ads! (Why?)


Source link

Load More By techadmin
Load More In Apps & Software
Comments are closed.

Check Also

Korg Volca Modular synth review: As weird as it is affordable – Engadget

This review is a little different. Normally when Engadget reviews something, we’re b…