Apple on Wednesday quietly rolled out a security-related update to all Mac systems to make sure current and former users of the Zoom video conferencing app weren’t exposed to a serious privacy and security flaw disclosed this week.  The flaw in the Zoom app for Mac systems allowed a website to silently access a vulnerable computer’s camera. The seriousness of the bug was exacerbated by Zoom’s practice of retaining a localhost web server on Macs even after users remove the app, which allowed it to reinstall the Zoom client automatically when a user clicks on a link.  Zoom argued the hidden web server was a valid “workaround” to a change in Safari 12 that required users click to confirm they want to start the Zoom client before joining every meeting.  “The local web server enables users to avoid this extra click before joining every meeting.

Read full article on CSO