Regarding the Zoom vulnerability, it seems Apple ended up shipping a silent update. "Apple said the update does not require any user interaction and is deployed automatically." / Apple has pushed a silent Mac update to remove hidden Zoom web server – TechCrunch https://t.co/eVbJOgnWnF
— ᴊᴜɴʏᴀ oɢᴜ®ᴀ (@junya) July 10, 2019
Wow. Nuclear option invoked. Way to go Apple. https://t.co/FqrzM7gtpm
— Kenn White (@kennwhite) July 10, 2019
New: Apple has pushed a silent update to all Macs removing an undocumented web server installed by Zoom, which allowed websites to forcibly join a user to a video call without their permission. https://t.co/WShnRDhZ00
— Zack Whittaker (@zackwhittaker) July 10, 2019
Wow. Apple pushed a silent, user interaction-free, automatically deployed update that neutered Zoom's background web server to all macOS users. Can't think of any other times they've done that (for qualified app developers, that is). https://t.co/jtjJhUd2Pf
— josh avant (@joshavant) July 10, 2019
Me: Apple could always use its anti-malware protection to bring down the hammer on Zoom's invisible web server.
Apple: https://t.co/5shLJynW3H
— Jason Snell (@jsnell) July 10, 2019
Apple has silently removed the hidden Zoom webserver on your Mac. Thanks to @zackwhittaker for rapid reporting on this serious issue. https://t.co/Sa395qDoeg pic.twitter.com/Xu1CSPAiDY
— Tarah (@tarah) July 10, 2019
TechCrunch: “Apple has pushed a silent Mac update to remove hidden Zoom web server” https://t.co/KOLbETLVWC
— Ivan Krstić (@radian) July 10, 2019
Apple has pushed a silent Mac update to remove hidden Zoom web server, https://t.co/tMix0mse12 << wow, good move by @apple re: @zoom_us but also a big statement #security #privacy
— Mark Nunnikhoven (@marknca) July 10, 2019
"excuse me while i just fix your shit here" — apple https://t.co/MfqiwAKKeW
— Isaac Hepworth (@isaach) July 10, 2019
Apple is silently and automatically removing Zoom’s web server software from Macs, as @zackwhittaker first reported at TechCrunch here: https://t.co/p59dIzT59M https://t.co/mRI6x1S19H pic.twitter.com/hXuSto8KA5
— Dieter Bohn (@backlon) July 10, 2019
Overnight (for me, anyway), Zoom published a blog post response. Notable that Zoom says "We are not alone among video conferencing providers in implementing this solution." WRT the web server on your Mac thing. https://t.co/m53OVTXw1l
— Dieter Bohn (@backlon) July 9, 2019
How bad is your security issue when APPLE pushes an update to fix it. Nice job, @zoom_us https://t.co/UkR1iFA7Q7
— Joseph Huckaby (@jhuckaby) July 10, 2019
Apple said the update does not require any user interaction and is deployed automatically. https://t.co/CfDee5lpcy
— nic nguyen (@itsnicolenguyen) July 10, 2019
Here is Zoom's official response. It's yet another case of "Users want the convenience so it's not a problem". This is a poor response. This kind of stuff is enabled because users aren't informed about what they're being opted into. https://t.co/FZ2F6A0yv0
— Marco Rogers (@polotek) July 9, 2019
Hidden self updating software does silent update to eliminate other hidden self updating software. Privacy wins? https://t.co/yQiCzHEh1o
— Jon Gales (@jonknee) July 10, 2019
Wow. If an OS vendor ships a silent security update to remove your software from every single machine it’s installed on, you may have fucked up. https://t.co/RR7JDghoKo
— Drew Thaler (@drewthaler) July 10, 2019
basically, Apple stepped in because it knew a ton of people were still going to be vulnerable after they uninstalled Zoom but either didn't know of the vulnerability or didn't want to install the updated patched Zoom version.
— Zack Whittaker (@zackwhittaker) July 10, 2019
Can we all agree that this is unacceptable? If Apple wants to remove this threat they have to inform the user and not silently remove software. I understand that they want to keep pretending there are no threats to Macs. We should not allow this. https://t.co/oJ5Y2hZrF3
— Stefan Esser (@i0n1c) July 10, 2019
Precedent: OS vendor pushing security patches / configs for 3rd party software. https://t.co/0qyvJgDdxS
— Johnny Xmas® (@J0hnnyXm4s) July 10, 2019
"Update: Initially, we did not see the web server or video-on posture as significant risks to our customers [...] but in hearing the outcry from some of our users and the security community in the past 24 hours, we have decided to make the updates to our service" https://t.co/09OgShqiKc
— Kenn White (@kennwhite) July 10, 2019
Zoom chief information security officer yesterday: “No, that’s not a security concern.” https://t.co/aDTeEf9nw7 via @itsnicolenguyen https://t.co/AInMf5OoxB
— John Paczkowski (@JohnPaczkowski) July 10, 2019
In the pursuit of fewer clicks, Zoom engineered its app to install a server on your Mac even if you uninstall the app, allowing it to turn on the camera on your Mac without you doing it. https://t.co/wRnFsvjnbd
— Lorenzo Franceschi-Bicchierai (@lorenzofb) July 9, 2019
It may be recency bias, but I cannot think of a worse response to a security issue than what we've seen with Zoom over the past few days https://t.co/qmTOc5XGr8
— Greg Otto (@gregotto) July 10, 2019
Wait Apple does silent updates?? https://t.co/M2nJSyJ8DU
— Rick Webb (@RickWebb) July 10, 2019
Well that's a bit creepy.
— Justin (@xxdesmus) July 10, 2019
"Apple said the update does not require any user interaction and is deployed automatically." https://t.co/eL3ezEEme4
This is a good action by Apple and much better outcome for users, after Zoom totally flubbed it https://t.co/Tr7oBLzr8G
— Ellen K. Pao (@ekp) July 11, 2019
Apple to the rescue. Says fine Zoom, if you're going to be dorks about fixing your stuff, we'll just treat you like Malware and fix the problem ourselves. https://t.co/TeItcbNT1o
— Alyssa Miller (@AlyssaM_InfoSec) July 10, 2019
I imagine many in #infosec will conclude the ends justify the means, and I imagine most Apple users won't care, but I still think silently pushing non-interactive 3rd-party app updates to consumer devices is creepy: https://t.co/LLBoMaePQm
— Kyle Rankin (@kylerankin) July 10, 2019
shoutout to my homies at @Apple in the struggle holding it down https://t.co/VdgoBrqPib
— ytcracker (@realytcracker) July 11, 2019
The vulnerability can be exploited on a drive-by basis by a malicious website. https://t.co/JGfK2jYXwQ #mac #apple #cybersecurity #hack #hackers #malware #webcam #zeroday #zoom pic.twitter.com/08FZMeqwi3
— RevBits (@RevBits) July 9, 2019
Zoom 90+ days ago - this is by design
Zoom earlier this week - BUT IT SAVES YOU A CLICK!!!
Zoom today - "We’re happy to have worked with Apple ... We expect the web server issue to be resolved today."
Is there a @PwnieAwards for worst vendor response? https://t.co/ZUN30BaoZO pic.twitter.com/r3CA9NafhY
— Jake Williams (@MalwareJake) July 11, 2019
there might be something wrong with your "product feature" if Apple decides to issue a silent security update to disable it lol https://t.co/pdIZEm23PA
— yan (@bcrypt) July 11, 2019
Apple is silently removing Zoom’s web server software from Macs https://t.co/6gL85lCyeH
— Miguel Guhlin (@mguhlin) July 11, 2019
I get why Apple is doing this and it's definitely a good idea, but having this level of access is a little worrisome. https://t.co/WB0V5yqOZu
— Major Hayden (@majorhayden) July 11, 2019
wowww this is a pretty big middle finger out of apple, for entirely good reasons: https://t.co/ZEmi1sEnnd
— Sam Kimbrel (@skimbrel) July 10, 2019
It appears Apple has dealt with the Zoom vulnerability. Apple is strong at times like this https://t.co/EOzVHc7UT5
— 石井 壮太 / Sota Ishii (@sot528) July 11, 2019
Apple fixes major Zoom video conferencing security flaw https://t.co/u8cdY344PM by @cultofmac pic.twitter.com/4HTpx6wTXt
— Cult of Mac (@cultofmac) July 11, 2019
tfw your "feature" is so bad that apple ships a malware blacklist update to disable it https://t.co/XXQi9UofoE
— Alexis Beingessner (@Gankro) July 11, 2019
Well that’s one way to make the problem go away. https://t.co/43FsloFUSE
— Tim Morgan (@riscfuture) July 11, 2019
Excellent.
— John Romkey (@romkey) July 11, 2019
“Silent Mac update nukes dangerous webserver installed by Zoom | Ars Technica” https://t.co/JL5zoimYMe
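A security hole was disclosed that lets a video call be started through the video conferencing program Zoom without the user's permission, and Apple has distributed a patch that removes the hole, independently of the developer. https://t.co/LzNQaoPhDi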
— 나가토 유키 (@nagato708) July 11, 2019
Apple update kills off Zoom web server... via @zdnet #infosec #tech #ThursdayThoughts https://t.co/btaCPRzXKV
— AJ Durling (@Gurgling_MrD) July 11, 2019
Apple update kills off Zoom web server https://t.co/qz7nL3g0Cb by @dobes
— ZDNet (@ZDNet) July 11, 2019
The finale of @zoom_us for those who have been reading along on this very serious issue. https://t.co/s9ObJ9O9Jx
— Taneka Stotts @ FLAMECON (@TanekaStotts) July 11, 2019
Yet more evidence that I was not kidding. Please stop giving Zoom money. They don't spend it on security and have no security researchers on payroll. They don't care and prefer to bury bugs instead of fixing them unless forced. https://t.co/BJXSQZSjuY https://t.co/Qi5y1nXOez
— Lance R. Vick (@lrvick) July 11, 2019
Engadget said so - https://t.co/QqIPdz0XVV
— Kai (@Kai_LB) July 11, 2019
Apple quietly updates Macs to remove Zoom webcam exploit https://t.co/cWM8W2LQSF pic.twitter.com/kIvaemYx2D
— David Wu (@davidwu9999) July 11, 2019
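Apple quietly distributes a macOS update to remove the web server that Zoom secretly installed.
- Earlier this week, a security researcher reported that the Zoom video-calling app installs a hidden web server on Macs
- Zoom installed the web server so that users can join a Zoom meeting with a single click, but it is vulnerable to webcam and microphone hijacking https://t.co/MxHv0qhp24
— Wan Ki Choi (@wkchoi) July 11, 2019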
Yoooooo they did it https://t.co/YHuLLN47qf
— Andrew Pouliot (@andpoul) July 11, 2019
Apple is silently removing Zoom’s web server software from Macs - I LOVE it :) https://t.co/7ap7Xd5Zao
— Damien Gosset @ PSU Mac Conference (@dgosset) July 11, 2019
Apple built and distributed a Mac update that kills the hidden resident server process that is Zoom's vulnerability. Impressive speed!
— あまど@Timers inc. CTO (家族アプリFamm運営) (@amado_tech) July 11, 2019
RT: Apple has pushed a silent Mac update to remove hidden Zoom web server https://t.co/Slrh3GfpiW
Unpopular opinion: this scares the hell out of me. I accept malware definition updates but this crosses a line. Removing files without my permission, no matter what the perceived risk is, is not what I expect from an OS. https://t.co/0PuLUfgve0
— Daniel Cuthbert (@dcuthbert) July 11, 2019
Well ... damn. #MacOS #Zoom #vulnerability #exploit #cybersecurity #websecurity https://t.co/o0XZCfcaSu via @threatpost
— SecurityMustache (@SecurityMustac1) July 9, 2019
ICYMI: Apple fixes major Zoom video conferencing security flaw https://t.co/u8cdY344PM by @cultofmac pic.twitter.com/FP0zAv1kZX
— Cult of Mac (@cultofmac) July 11, 2019
https://t.co/aQO0gumGni
— Rob Donoghue (@rdonoghue) July 11, 2019
Bit of good news after Zoom’s giant shrug.
Silent Mac update nukes dangerous webserver installed by Zoom https://t.co/UTWGkTXq1t
— Tactical Tech (@Info_Activism) July 11, 2019
Silent Mac update nukes dangerous webserver installed by Zoom https://t.co/ORG6eC30yZ
— Dr. Michael Spehr (@MicSpehr) July 11, 2019
Apple steps in to clean up the mess left by reckless developers. https://t.co/z5hhWfBPbd
— James (@9voltDC) July 11, 2019
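Apple automatically applies a patch that blocks the web server feature the Zoom app secretly set up. It happens automatically on its own, so there is nothing to update or do separately. https://t.co/Mvurx5zIRG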
— 푸른곰 (@purengom) July 11, 2019
You may have heard in recent days about a vulnerability within the Zoom teleconferencing app for Mac. The flaw allowed a third party to open a call, and automatically enable your webcam and microphone, just by having you click a link. https://t.co/TZCgAUVZAo
— Dorset Police Cyber (@DP_CyberCrime) July 11, 2019