Comment by scarface_74
2 years ago
It’s reasonably secure because no one has bothered to write malware for it.
But there was nothing on the Mac stopping Zoom from putting a backdoor web server on Macs.
2 years ago
It’s reasonably secure because no one has bothered to write malware for it.
But there was nothing on the Mac stopping Zoom from putting a backdoor web server on Macs.
Apple could revoke Zoom's signing certificate, if they were discovered to be doing this.
That's the thing: they were. Apple did act, but not by revoking the certificate.
https://www.theverge.com/2019/7/10/20689644/apple-zoom-web-s...
The thing is, Zoom was not being malicious, and weren’t any exploits hypothetical? That server was a good idea, because it allowed launching Zoom calls without the constant warning popups that Apple injected into the process of launching of a custom URI scheme, which was what it used before and after that era. With the local server it was one click to join. Calling it “a web server” was a scare tactic to get people to think Zoom was serving a site to the public, or hosting your public files.
No, I don’t want Apple to set the precedent that they will delete your whole business if you make an architecture choice they feel is not perfect.