Zoom quickly fixes ‘malware-like’ macOS installer with new update

A quick fix just two days after Zoom CEO responded on Twitter

Zoom is facing a variety of privacy and security issues this week, and the company is already responding to some of them rather quickly. Software engineer Felix Seele discovered earlier this week that Zoom’s macOS installer works around Apple’s OS restrictions by using “the same tricks that are being used by macOS malware” to get its software on Macs.

This meant the Zoom app was being installed without users providing final consent, thanks to a misleading prompt that automated the install process. The discovery prompted Zoom CEO Eric S. Yuan to respond over Twitter, with a promise to improve the situation. Zoom has now issued a new update that addresses the problems revealed by Seele.

“They completely removed the preinstall stuff, so you now need to click through the installer as it ought to be,” explains Seele in a message to The Verge. The fake prompt has also been removed so users have to specifically click through and install Zoom. “I must say that I am impressed,” says Seele. “I expected them to maybe change the dialog, but since the ‘zero-click’ aspect was so important to them, I thought they would stick with the preinstall-trick.”

Zoom’s quick fix comes just two days after Zoom’s CEO responded to the findings on Twitter. Zoom is also pausing feature updates for 90 days to address a variety of security and privacy concerns that have come to light in recent days.

Security researchers and privacy advocates have raised the alarm on default settings that have allowed the “Zoombombing” phenomenon to take place, where pranksters join Zoom calls and broadcast porn or shock videos. Zoom was also forced to update its iOS app last week to remove code that sent device data to Facebook. Zoom then had to rewrite parts of its privacy policy after it was discovered that users’ personal information was susceptible to being used to target ads. User information is also reportedly being leaked because of an issue with how Zoom groups contacts.

Zoom will now spend the next three months fixing all these problems as it struggles to avoid becoming a victim of its own success. Zoom also revealed earlier today that it had 10 million daily meeting participants in December, and that figure has now grown to 200 million during the ongoing pandemic.