Zoom Updates Mac App With Important Security Fix

[a-bob]

I am an audio post production engineer and do a share of ADR. Have used nothing but Zoom to remotely connect to directors and sound supervisors for approval of ADR to picture. The audio has aways been good and picture sync reliable. Never had a request to use Skype, Teams or Ring. Always Zoom and have always had a good experience in this professional environment. Good they're patching up security issues.

 

[minik]

Nothing else uses the “Zoom engine” because that would be like Apple licensing out their SoC architecture. The reason Zoom does video so well is partly because they have a massive global infrastructure to transcode and reduce latency.

I looked at some of my old work emails. It's RingCentral Meetings which is based on Zoom platform.

 

[Mr. Heckles]

I remember there's another video conferencing application that uses the Zoom-engine, I forgot the name. Second, the main rival, Microsoft Teams, did a poor job on both Mac and Windows.

RingCentral uses Zoom

EDIT:

Nothing else uses the “Zoom engine” because that would be like Apple licensing out their SoC architecture. The reason Zoom does video so well is partly because they have a massive global infrastructure to transcode and reduce latency.

I looked at some of my old work emails. It's RingCentral Meetings which is based on Zoom platform.

RingCentral and Zoom Video Communications Announce Multi-Year Extension of Partnership

RingCentral and Zoom continues fruitful partnership to provide customers with world-class cloud-based PBX and video communications technology.

www.ringcentral.com

Zoom and RingCentral settle lawsuit | TechTarget

The agreement lets RingCentral Meetings customers continue using the Zoom-powered product without interruption.

www.techtarget.com

My work used to use Ring Central and in video meetings, I remeber the lower right corner it said "powered by Zoom".

 

[Rafael Santos]

Despite a recent flood of security and privacy failures, Yuan, Zoom’s CEO, appears to be listening to feedback and making a real effort to improve the service. “These new, mostly consumer use cases have helped us uncover unforeseen issues with our platform. Dedicated journalists and security researchers have also helped to identify pre-existing ones,” Yuan wrote in his blog post.

Zoom admits calls got 'mistakenly' routed through China

Zoom Traffic Through China: Company Apologizes

Links and text from 2020. Really convincing.

 

[BootsWalking]

Links and text from 2020. Really convincing.

How about the story of the vulnerability we're reading right now, that came out today? Is that recent enough for you?

Or this one from 10 months ago:
https://www.zdnet.com/google-amp/article/zoom-vulnerabilities-impact-clients-mmr-servers/

 

[genovelle]

Microsoft and Google are pushing companies to only use their solutions, but they are horrible. Both have multiple platforms and I can rarely get on a video call that works all the way through. Something always fails, audio, video, or both.

 

[Danoc]

.

 

[dabrace1984]

Tip: occasional or casual users of Zoom do not have to install the Zoom client. Zoom will run in most web browsers with no downloads or installations needed.

Simply follow the conference link sent out by the conference organizer. Then wait until a "Join in browser" link appears in the browser window. If Zoom automatically downloads a software installer, avoid clicking on the installer and move it to the Trash.

This tip is only a possibility if the host of the meeting has the meeting's "Join from your browser" option set to be enabled.

Enabling or disabling Show a "Join from your browser" link
https://support.zoom.us/hc/en-us/ar...-disabling-Show-a-Join-from-your-browser-link

 

[I7guy]

How about the story of the vulnerability we're reading right now, that came out today? Is that recent enough for you?

Or this one from 10 months ago:
https://www.zdnet.com/google-amp/article/zoom-vulnerabilities-impact-clients-mmr-servers/

If the low bar of this conversation is a security vulnerability exists in software then every single tech company is guilty as charged.

 

[ian87w]

More reason for people to demand these devs to put their apps in the Mac App Store, so updates is handled by the OS. All my Microsoft Officr apps are App Store versions since I can individually install apps that I want and updates are done through the App Store instead of Microsoft’s annoying daemon.

 

[alexonline]

I remember there's another video conferencing application that uses the Zoom-engine, I forgot the name. Second, the main rival, Microsoft Teams, did a poor job on both Mac and Windows.

Blue Jeans, from memory. Someone mentioned Ring Central above, so it presumably was that.

 

[alexonline]

Nothing else uses the “Zoom engine” because that would be like Apple licensing out their SoC architecture. The reason Zoom does video so well is partly because they have a massive global infrastructure to transcode and reduce latency.

Zoom and RingCentral settle lawsuit | TechTarget

The agreement lets RingCentral Meetings customers continue using the Zoom-powered product without interruption.

www.techtarget.com

 

[Bremse]

At the beginning of the pandemic when we were all sent to work from home, our IT department sent out a note advising everyone to never ever use Zoom for work and to not use it on our work laptops for personal use either.

 

[coolfactor]

It's really telling that that it took public disclosure to get this issue fixed, and fast!

Release notes of 5.11.5 (9788)
Resolved Issues
-Security enhancements

And it's amusing that they label the update as "Security enhancements". I'm sorry, but just be honest. Don't sugarcoat it.

Zoom leveraged the pandemic to massively increase the value of their company, and didn't pay sufficient attention to basic security audits of their software.

I cringe at software that uses its own software installers and updaters. Apple provides one that offers full transparency about what's being installed and where. This issue would not have been fixed by using Apple's installer, but at least users would have the opportunity to audit what is being installed.

 

[coolfactor]

More reason for people to demand these devs to put their apps in the Mac App Store, so updates is handled by the OS. All my Microsoft Officr apps are App Store versions since I can individually install apps that I want and updates are done through the App Store instead of Microsoft’s annoying daemon.

Yes, I view apps that avoid distributing through the App Store as slightly suspicious. Yes, there are barriers when distributing through the App Store, but those barriers ensure that we, the users, are better protected. I appreciate that, and companies distributing software should, too.

 

[ccsicecoke]

Do not use zoom!

 

[svish]

Good to know that vulnerability has been fixed.

 

[ThailandToo]

What data is being recorded on Chinese servers from the US? Please be specific.

That's just it, you and I will never know what they do with the data. The Chinese Communist Party has all ready hacked everything from social security records, credit reporting, and financial data on every American who's in a system. They will do anything and everything they can with this data now and in the future.

 

[ThailandToo]

Do not use zoom!

I don't believe any of that. And any issues have already been fixed. And what software hasn't been compromised. Apple is the worst of all. I guarantee that for every 1 security fix that Apple does, there are 10 more that they won't fix.

You have to understand, you haters are your own worst enemies. The haters exaggerate and fabricate to such a huge extent, that when you may have a legitimate concern, it isn't believed. "Zoom is a plague"? Give me a break. Is this Zoom disaster with China still continuing? Why hasn't it reached mainstream news? Because even it was a "issue", it certainly hasn't destroyed the world yet. And how much data has been lost, compromised, etc? I still occasionally read the forum in hope of some intelligent posts. But those are getting further and further between. If you want to be believed, get rid of the haters!!

It's not about hate. It's about China's intended use of data on US Consumers. Even though Trump was the President to ban Huawai, Biden has followed suit because we cannot allow Chinese companies to run the Internet. They all ready do harm by hacking data illegally off US companies and government to track and monitor people. Why? We don't know what they will do, but any Chinese company has the obligation to hand over and work with the Chinese Communist Party. That alone is the problem. The Chinese see US companies as a problem and institute their own blocking of any company that will not let them control the data servers. Just like iCloud for China is housed in China.

 

[Skyscraperfan]

The important take out of this is that it is possible for apps to auto-update to a version that can somehow "hack" MacOS to give the user more privileges. That seems a problem of MacOS and not a problem of Zoom. How can an app gives the user more privileges than he has? That should not be possible.

 

[vmistery]

IF you can don't download any of these meeting apps, most can work in a browser these days and this mens they will have much less access to your system and no clutter. I have to sue Teams for some clients, Zoom and other weird ones like BlueJeans, all work in a browser

 

[DailySlow]

Zoom is the only one I've tried where it's possible for people to go minutes at a time without misunderstandings. The audio is both better and faster.

My 95 year old mother in law uses it from her condo with minimal assist from fam by phone call (disclosure all use Macs) for church and family video gabs. There is no way anything else is as compatible and with as effective a UI.

 

[DailySlow]

Do not use zoom!

Qanot says Zoom=Boom=Room=Doom see the dots? connect them and weep.

 

[biziclop]

This is how to somewtah safely use Zoom, by Dr. Neal Krawetz security expert, The Hacker Factor Blog:

https://www.hackerfactor.com/blog/index.php?/archives/965-Stop,-Look,-and-Listen.html

TL;DR: avoid like plague.

If you use it / force others to use it for talking about your trade secrets or other sensitive things, then you're an

 

[LV426]

Explain this to me like I'm 8. "be exploited by a local low-privileged user to gain root privileges to the operating system" would they be able to read the keychain or credit card info without the password?

Quite possibly. Once installed, a continuously running Zoom updater program runs in the background as a "superuser", which has more permissions than you on your computer. That updater could be fooled into installing any old malware as part of an update.

This is quite shocking, really. To my mind, its entire approach to updating is wrong.