Earlier this week, a security researcher announced an exploit stating that websites could use Zoom video chat software to launch your webcam and record it without your permission. Now Apple automatically removes Zoom's web server from all Macs.
Zoom, a video chat service designed to provide comfort. It has developed its software to participate in a video chat and launch your webcam by simply clicking on a link. But Safari, Apple's browser, released an update to prevent this behavior. Instead, you would confirm that you want to start your webcam.
Zoom has decided to work around this issue and installed a local Web server on Macs that can bypass the security clearance for usability. The whole concept is problematic, and as Jonathan Leitschuh has shown, a bad actor could easily create a website that will automatically redirect you to a call and launch your webcam.
Even worse, if you uninstall Zoom from your Mac, the Web will not be removed server. That meant it was easy to force a reinstall of the software without your permission.
Zoom promised to make changes, and apparently Apple came in to help. Apple has released a silent update that removes the Zoom web server from your Mac. The process is automated and you do not have to do anything. This should make anyone who likes zoom safer on MacOS. However, the auto-connect feature still affects Windows. [TechCrunch]
RELATED: Zoom allows websites to film you on Windows without your permission
In other news:
- Microsoft's newest insider update contains a password-free character -in: Microsoft is pushing the insider tests, and the latest update contains some interesting additions. In addition to expanding your phone for more Surface devices, the company is testing a new option for logging in without a password. It essentially forces all Microsoft accounts on a PC to use Windows Hello, which should make the login a bit smoother. [Microsoft]
- A former Tesla employee admits having uploaded source code to iCloud: Guangzhi Cao, a former Tesla engineer, left the company to work for Xiaopeng Motors, the Chinese EV startup. He worked in the autopilot department of Tesla and had previously uploaded the autopilot source code to iCloud. Tesla has accused him of stealing the code for his new company, although Xiaopeng Motors denies any knowledge of the theft. Cao claims he deleted all the files he uploaded to the cloud. [The Verge]
- Microsoft closes Remix3D.com later this year: Microsoft closes Remix3D.com later this year: Microsoft will retire Remix3D.com on January 1
- Older download versions of the Pale Moon browser infected with malware: Pale Moon, a spinoff of FireFox, announced that hackers have violated its archive server. The server provided links to older versions of the browser, and the hackers added malware to these downloads. The goal seems to be to steal your cryptocurrency. Chalk it out for another reason not to use a Firefox fork. [ZDNet]
- Google Shut Down the Nest Apple Watch App: Are You Using Your Apple Watch to Control Your Nest Thermostat? According to Google probably not. The company states that very few users have used the app. Therefore, Apple Watch compatibility was removed in the latest update. [9to5Google]
- White Hat hackers attempted to kill ransomware criminals, but it's a draw: White Hat hackers attempted to use a denial of service attack to prevent the spread of ransomware. They noted that parts of the ransomware's proliferation and attack were predictable and attempted to exploit this vulnerability. At first it worked, but the evil hackers have just updated the software. Nevertheless, nice try. [Ars Technica]
- Apple has disabled walkie-talkie for the Apple Watch after exploit : Following the release of an exploit, Apple has disabled the walkie-talkie feature on the Apple Watch. Details are rare, but it seems like a bad actor using the right steps could use walkie-talkie to listen to your conversations without your noticing it. Apple promises to fix the problem and enable the feature later. [9to5Mac]
RELATED: What are Denial of Service and DDoS Attacks?
Today, forty years ago, on July 11, the NASA Skylab Space Station fell back to Earth.
Skylab was the first space station launched and operated by NASA. It was only operational for 24 weeks, and the station consisted of a modified Saturn rocket and Apollo hardware.
The space station recognized early problems and was damaged at launch to transport the rocket into space. As a result, the astronauts spent a lot of time repairing the station when they arrived.
Astronauts performed experiments aboard the space station, ranging from life sciences to solar physics. However, the main goal was just to prove that people can live aboard a space station, albeit temporarily. In this way, Skylab paved the way to future space stations such as the International Space Station (ISS).
After NASA decided not to send any new crew members to the station, their orbit dropped slowly before falling back to Earth. NASA tried to control the fall so that the space station landed in the Indian Ocean and did no harm to anyone.
Unfortunately, parts of it landed in Australia and led the country – and that's right – to have NASA punish $ 400 for garbage. [Space.com]