Apple quietly released a macOS update that removes the hidden web server installed by the Zoom video conferencing app. Earlier, researcher Jonathan Leitschuh disclosed a vulnerability in Zoom (CVE-2019-13450) that allows the webcam to be enabled and the user to be connected to a Zoom conference without the user's permission.

One of Zoom's features automatically launched the app, allowing participants to join a video conference from an invitation opened in the browser. The feature was handled by a hidden web server (port 19421) that accepts commands via HTTP GET requests, and any website open in the browser can communicate with that server. Exploiting the vulnerability made it possible to watch the user through the webcam or to bring the Mac down.

The update removes the hidden Zoom web server, which remained on the system even after the application was uninstalled. The update is installed automatically and requires no user interaction.
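
To confirm that nothing is still listening on the port named above, the following added example (not part of the original article or of any Apple or Zoom tooling) parses `lsof -nP -iTCP -sTCP:LISTEN` output and reports any process bound to port 19421. The sample output and the process names in it are constructed for illustration.

```python
import shutil
import subprocess

ZOOM_PORT = 19421  # port named in the article

# Constructed sample of `lsof -nP -iTCP -sTCP:LISTEN` output (not real data).
SAMPLE_LSOF = """\
COMMAND     PID USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
exampled    411 alice   5u  IPv4 0x1111111111111111      0t0  TCP 127.0.0.1:19421 (LISTEN)
otherd      512 alice   8u  IPv6 0x2222222222222222      0t0  TCP [::1]:8080 (LISTEN)
printd      620 root    4u  IPv4 0x3333333333333333      0t0  TCP *:631 (LISTEN)
"""


def find_listeners(lsof_output, port=ZOOM_PORT):
    """Return (command, pid, user, address) for each TCP listener on `port`."""
    hits = []
    for line in lsof_output.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 10 or fields[-1] != "(LISTEN)":
            continue
        address = fields[-2]  # e.g. 127.0.0.1:19421, [::1]:8080, *:631
        _, _, port_text = address.rpartition(":")
        if port_text.isdigit() and int(port_text) == port:
            hits.append((fields[0], int(fields[1]), fields[2], address))
    return hits


def scan_local_host(port=ZOOM_PORT):
    """Run lsof on this machine; return None if lsof is not installed."""
    if shutil.which("lsof") is None:
        return None
    result = subprocess.run(
        ["lsof", "-nP", "-iTCP", "-sTCP:LISTEN"],
        capture_output=True, text=True, check=False,
    )
    return find_listeners(result.stdout, port)


if __name__ == "__main__":
    print("constructed sample:", find_listeners(SAMPLE_LSOF))
    print("this host:", scan_local_host())
```

An empty list from `scan_local_host()` means no process is listening on the port; run it as the affected user or with elevated rights so that `lsof` can see that user's processes.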
