This means there might have been another side to this story: Zoom's change of heart might have been forced by Apple, not the public backlash.

Apple: Hey, your app poses a threat to macOS security. We're going to remove your server app with the built-in macOS anti-virus.

Zoom: Oh crap. Okay, give us 2 sprints to release a new version that removes it.

Apple: We're killing it in 48 hours.


Zoom, after an all-nighter: HEyyy users, we have a patch for youu

I've been on the Catalina Beta since the week of WWDC, and Zoom hasn't worked for me until the update today.

The loading modal would come up, but the app window would never open and I would have to force kill the app entirely, since I couldn't close the modal.

I suspect that Apple had already closed the possibility of the loophole on Catalina, which is why it wasn't working.

So I suspect they had probably noticed it weeks ago.

I had the same experience on Catalina, couldn't launch. Explains why I couldn't reproduce the bug from the Medium article too. Uninstalled it before the update.

I believe the issues running Zoom were due to tightening of security in Catalina for screen capture.

HN 2 hours since story broke:

  rm -rf ~/.zoomus

That doesn't solve the problem because the webserver continues to run even if you have uninstalled Zoom.

Source: https://medium.com/bugbountywriteup/zoom-zero-day-4-million-...

Quote: "Then you can delete the ~/.zoomus directory to remove the web server application files."

You'd still have to kill the pid

Wild speculation.

Wouldn't say so.

Those who found the vulnerability were at least talking to the people at Chrome and Firefox. Quote from their blog post (https://medium.com/bugbountywriteup/zoom-zero-day-4-million-...): "Apr 10, 2019 — Vulnerability disclosed to Chromium security team.

Apr 19, 2019 — Vulnerability disclosed to Mozilla FireFox security team."

So, not entirely unrealistic that the other browser manufacturer also got a notice.

More like a good joke

But highly plausible.

