After a serious flaw was discovered, Zoom has released a patch for its Mac app that removes a localhost web server from your Mac and allows users to manually uninstall the app from the menu bar. You can download the patch here.
In a Medium post earlier this week, security researcher Jonathan Leitschuh disclosed a vulnerability in the app that could allow a website to access your Mac’s camera without your knowledge or permission. As Leitschuh explained, the vulnerability stemmed from Zoom’s quest for simplicity. The service is designed so that you can send anyone a Zoom meeting link, which in turn automatically opens the Zoom client installed on their machine. Even if you’ve deleted the app, Zoom keeps a localhost web server running silently on your Mac, Leitschuh said, so the Zoom client will reinstall when a link is clicked, without requiring any user interaction on your part besides visiting a webpage.