Zoom fixes macOS installer loophole with a new update
Zoom was getting installed on Mac devices automatically with a fake consent prompt.
Even as Zoom has grown in popularity, the video conferencing app has come under scanner over a variety of privacy and security issues. Following the wide criticism, Zoom has been fixing one security loophole and another. The latest is the fix to macOS installer which allowed the app to be installed on users' Mac devices without a final consent.
Software engineer Felix Seele reported that Zoom used preinstallation scripts. The auto install was like how malwares are often installed on users' devices without their knowledge.
Responding to the loophole reported, Zoom CEO said the process was aimed at simplifying the installation process. He said the process allowed new users to join a meeting faster. Later, Zoom released an update to fix the auto installer.
"They completely removed the preinstall stuff, so you now need to click through the installer as it ought to be," Seele told The Verge. "I must say that I am impressed. I expected them to maybe change the dialog, but since the 'zero-click' aspect was so important to them, I thought they would stick with the preinstall-trick."
Thank you for your feedback! We implemented to balance the number of clicks given the limitations of the standard technology. To join a meeting from a Mac is not easy, that is why this method is used by Zoom and others. Your point is well taken and we will continue to improve.— Eric S. Yuan (@ericsyuan) March 31, 2020
As said earlier, Zoom has become a viral video conferencing app as millions of people are turning to digital tools for communication in the wake of Covid-19 pandemic. Zoom said its platform has seen userbase soaring from 10 million daily users to over 200 million daily users.
A spate of security vulnerabilities, however, has forced Zoom to announce a 90-day freeze on features.
Yuan in a blog post explained that the platform was primarily designed for enterprises with full IT support. "...we did not design the product with the foresight that, in a matter of weeks, every person in the world would suddenly be working, studying, and socializing from home," he wrote in a blog post.