Apple pushes out another emergency security update to fix videoconferencing vulnerabilities

Angled Apple logo

Having released a silent update last week to protect Zoom users from webcam hijacking, Apple has now pushed out a second security patch that is silently installed in the background.

This second patch addresses issues with the RingCentral and Zhumu videoconferencing tools. These apps suffered from a very similar vulnerability, putting users at risk, so Apple has stepped in once again to neutralize the problem.

See also:

The RingCentral and Zhumu videoconferencing apps are white label partner apps that use Zoom technology, so it's little wonder that much the same security issue has been found in them. It was security researcher Karan Lyons who first drew attention to the fact that the vulnerability existed in more than just the main Zoom app.

As with Zoom, the partner apps also install a web server that can be used to hijack webcams. Uninstalling the apps is not enough to remove the server, meaning even people who have removed the videoconferencing tools remain at risk. Apple's latest update kills this server.

Zoom technology is used in a number of other apps, as noted by Lyons, and Apple has not said whether further updates will be released to patch these as well.

Image credit: Stockforlife / Shutterstock

© 1998-2019 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.