Apple is pushing yet another silent update to macOS to resolve the Mac webcam hijack vulnerability in RingCentral and Zhumu. These two apps are powered by Zoom, and it was discovered this week that they are also susceptible to the same web server vulnerability as Zoom.
When the Zoom vulnerability was first discovered last week, Apple pushed a silent macOS update to remove the web server. Now, The Verge reports that Apple has deployed another silent security update to remove web servers installed by RingCentral and Zhumu. Like the update pushed last week, this one does not require any user interaction to install.
Earlier today, we explained that because RingCentral and Zhumu use the same underlying code as Zoom, they also installed their own web server in macOS. This web server makes it easy for users to join meetings with one click, but it also leaves users susceptible to have their webcam and microphone hijacked.
Unfortunately, RingCentral and Zhumu aren’t the only video conferencing apps that use Zoom’s code. Apple says that it hopes to patch the vulnerability for all of Zoom’s partner apps in the coming days.
Essentially, even when users uninstall video conferencing apps like Zoom, RingCentral, and Zhumu, the web server persists. This means that users without the app installed won’t get the updates deployed by the companies themselves, yet still have the vulnerable web server on their Mac. This is why Apple has stepped in to remove the web servers completely.
Last week, Apple noted that it “often pushes silent signature updates to Macs” to remove known malware, but that it rarely publicly takes action against a known app. Issues like these will only increase the prevalence of physical web cam covers.