Apple has released a silent update for Mac users removing a vulnerable component in Zoom, the popular video conferencing app, which allowed websites to automatically add a user to a video call without their permission.
The Cupertino, Calif.-based tech giant told TechCrunch that the update — now released — removes the hidden web server, which Zoom quietly installed on users’ Macs when they installed the app.
Apple said the update does not require any user interaction and is deployed automatically.
The video conferencing giant took flack from users following a public vulnerability disclosure on Monday by Jonathan Leitschuh, in which he described how “any website [could] forcibly join a user to a Zoom call, with their video camera activated, without the user’s permission.” The undocumented web server remained installed even if a user uninstalled Zoom. Leitschuh said this allowed Zoom to reinstall the app without requiring any user interaction.
He also released a proof-of-concept page demonstrating the vulnerability.
Although Zoom released a fixed app version on Tuesday, Apple said its actions will protect users both past and present from the undocumented web server vulnerability without affecting or hindering the functionality of the Zoom app itself.
The update will now prompt users if they want to open the app, whereas before it would open automatically.
Disrupt 2026: The tech ecosystem, all in one room
Your next round. Your next hire. Your next breakout opportunity. Find it at TechCrunch Disrupt 2026, where 10,000+ founders, investors, and tech leaders gather for three days of 250+ tactical sessions, powerful introductions, and market-defining innovation. Register now to save up to $400.
Save up to $300 or 30% to TechCrunch Founder Summit
1,000+ founders and investors come together at TechCrunch Founder Summit 2026 for a full day focused on growth, execution, and real-world scaling. Learn from founders and investors who have shaped the industry. Connect with peers navigating similar growth stages. Walk away with tactics you can apply immediately
Offer ends March 13.
Apple often pushes silent signature updates to Macs to thwart known malware — similar to an anti-malware service — but it’s rare for Apple to take action publicly against a known or popular app. The company said it pushed the update to protect users from the risks posed by the exposed web server.
Zoom spokesperson Priscilla McCarthy told TechCrunch: “We’re happy to have worked with Apple on testing this update. We expect the web server issue to be resolved today. We appreciate our users’ patience as we continue to work through addressing their concerns.”
More than four million users across 750,000 companies around the world use Zoom for video conferencing.
