Apple has pushed this update in order to fix the Mac webcam hijack vulnerability in RingCentral and Zhumu. Both these apps are by Zoom, and it was found out this week that they are also susceptible to the same web server vulnerability as Zoom.
These two apps installed software able to respond to commands that could potentially allow websites to open up your webcam during a video conference without permission. Manually removing the apps did not work as it did not eliminate the secondary software that was vulnerable to exploitation, which is also how Zoom worked.
Zoom is aware of this issue and has released a patch to fix the issue and remove the web server. So installing Zoom now no longer installs a local web server on Mac devices, and there is a new setting to save the “Always turn off my video” preference that disables video in Zoom by default until it is manually enabled.
Last week, Apple noted that it “often pushes silent signature updates to Macs” to remove known malware instead of making things public.
Source: Verge
