Zoom is facing a variety of privacy and security issues this week, and the company is already responding to some of them rather quickly. Software engineer Felix Seele discovered earlier this week that Zoom’s macOS installer works around Apple’s OS restrictions by using “the same tricks that are being used by macOS malware” to get its software on Macs.
This meant the Zoom app was being installed without users providing final consent, thanks to a misleading prompt that automated the install process. The discovery prompted Zoom CEO Eric S. Yuan to respond over Twitter, with a promise to improve the situation. Zoom has now issued a new update that addresses the problems revealed by Seele.
“They completely removed the preinstall stuff, so you now need to click through the installer as it ought to be,” explains Seele in a message to The Verge. The fake prompt has also been removed so users have to specifically click through and install Zoom. “I must say that I am impressed,” says Seele. “I expected them to maybe change the dialog, but since the ‘zero-click’ aspect was so important to them, I thought they would stick with the preinstall-trick.”
Zoom is also pausing new features for 90 days
Zoom’s quick fix comes just two days after Zoom’s CEO responded to the findings on Twitter. Zoom is also pausing feature updates for 90 days to address a variety of security and privacy concerns that have come to light in recent days.
Zoom will now spend the next three months fixing all these problems as it struggles to avoid becoming a victim of its own success. Zoom also revealed earlier today that it had 10 million daily meeting participants in December, and that figure has now grown to 200 million during the ongoing pandemic.