
Comment by bgentry

6 years ago

In response to all of the well-deserved criticism, Zoom just made two updates to their blog post[1] to announce that they will be completely removing the webserver for all macOS users in a new release tonight, and also adding an option prompt going forward:

JULY 9 PATCH: The patch planned for tonight (July 9) at or before 12:00 AM PT will do the following:

1. Remove the local web server entirely, once the Zoom client has been updated – We are stopping the use of a local web server on Mac devices. Once the patch is deployed, Mac users will be prompted in the Zoom user interface (UI) to update their client. Once the update is complete, the local web server will be completely removed on that device.

2. Allow users to manually uninstall Zoom – We’re adding a new option to the Zoom menu bar that will allow users to manually and completely uninstall the Zoom client, including the local web server. Once the patch is deployed, a new menu option will appear that says, “Uninstall Zoom.” By clicking that button, Zoom will be completely removed from the user’s device along with the user’s saved settings.

PLANNED JULY RELEASE: Additionally, we have a planned release this weekend (July 12) that will address another security concern: video on by default. With this release:

1. First-time users who select the “Always turn off my video” box will automatically have their video preference saved. The selection will automatically be applied to the user’s Zoom client settings and their video will be OFF by default for all future meetings.

2. Returning users can update their video preferences and make video OFF by default at any time through the Zoom client settings.

Edit: the new version is now released at https://zoom.us/download

[1]: https://blog.zoom.us/wordpress/2019/07/08/response-to-video-...

> Remove the local web server entirely

Thank goodness. Sanity has prevailed.

You know you've blown it when the following appears in a buzzfeed article about your software:

> open the application called, “Terminal.” Copy and paste this text: lsof -i :19421. Press enter. You’ll get a string of mumbo jumbo. Underneath the text “PID,” copy the string of numbers underneath. Then type “kill -9” (without the quotes), add a space after -9 and paste the PID string of numbers. Press enter. The server has been killed.

:D

  • Verified that the patch removes the web server.

    What I'd really like to see now is them addressing the fact that their initial response to this was terrible, as if whoever was making the decision had no idea how bad this design was from a security standpoint.

    • This whole thing reads like a security response driven by marketing and branding considerations. They put a lot of work into that seamless experience they're so proud of, apparently without security professionals being involved.

      These factors point to a company that fundamentally doesn't take security very seriously. That's not a fast, easy, or cheap thing to change. I suspect it won't any time soon.
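A small check script for the verification described above (that nothing is still listening on port 19421, the port the quoted Buzzfeed instructions point at). This is added example code, not from the thread, from Zoom or from the patch; it assumes `lsof` is present, as it is on macOS, and the sample `lsof` output it parses is constructed for the self-check, not captured from a real machine.

```sh
#!/bin/sh
# Check whether the Zoom local web server still listens on port 19421 after the
# July 9 patch. Parsing is separated from the lsof call so it can be run on
# captured output as well as live.

ZOOM_PORT=19421

# Read lsof output from stdin and print "PID COMMAND" for every TCP socket in
# LISTEN state on $ZOOM_PORT. lsof columns are:
#   COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
# and NAME is "host:port (STATE)", so the address is field 9 and the state
# field 10. The header row is skipped. COMMAND is truncated to 9 characters by
# lsof's default width, hence names like "ZoomOpene".
zoom_listeners() {
    awk -v port="$ZOOM_PORT" '
        NR > 1 && $10 == "(LISTEN)" && $9 ~ (":" port "$") { print $2, $1 }
    '
}

# Run lsof live (-n/-P: numeric hosts and ports, -sTCP:LISTEN: listeners only).
# Returns 0 when nothing listens on the port, 1 when a listener remains.
check_zoom_webserver() {
    found=$(lsof -nP -iTCP:"$ZOOM_PORT" -sTCP:LISTEN 2>/dev/null | zoom_listeners)
    if [ -z "$found" ]; then
        echo "no listener on port $ZOOM_PORT: local web server is gone"
        return 0
    fi
    echo "still listening on port $ZOOM_PORT (PID COMMAND):"
    echo "$found"
    return 1
}

# Constructed sample of lsof output from an unpatched Mac (not a real capture):
# one listener plus one established client connection that must be ignored.
SAMPLE_LSOF='COMMAND   PID  USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
ZoomOpene 4321 alice    5u  IPv4 0x1234567890abcdef      0t0  TCP 127.0.0.1:19421 (LISTEN)
Google    2222 alice   33u  IPv4 0x1234567890abcd00      0t0  TCP 127.0.0.1:52000->127.0.0.1:19421 (ESTABLISHED)'

# Self-check on the constructed sample, then a live check if lsof is available.
printf '%s\n' "$SAMPLE_LSOF" | zoom_listeners
if command -v lsof >/dev/null 2>&1; then
    check_zoom_webserver
fi
```

Running it on a patched machine should print the "local web server is gone" line; on the constructed sample the parser reports only the LISTEN socket, not the established client connection.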

> We’re adding a new option to the Zoom menu bar that will allow users to manually and completely uninstall the Zoom client, including the local web server.

Including the local web server that definitely doesn't exist anymore anyway after this patch?