Video conferencing and collaboration platform Zoom has released an update to its macOS client addressing a security issue whereby a Mac’s microphone remained enabled even after a meeting had ended.
Zoom users running the latest version of macOS Monterey had been concerned about the apparent privacy issues since December 2021, according to posts made on the official Zoom community support forums, first reported by The Register.
The issue in question involved the orange dot in the Mac’s Control Centre appearing, indicating that the device’s microphone was being used in an application. That app was revealed to be Zoom, which was open in the taskbar but not actively in a meeting.
Numerous replies to the original post echoed concerns regarding where the audio data was being sent, and that it wasn’t a single use case.
One user appearing to represent Zoom support said the bug was known to Zoom and it was patched in the 5.9.3 version released on 24 January 2022. That said, IT Pro is still waiting to hear from Zoom officially.
The release notes accompanying version 5.9.3 made no explicit mention of the macOS bug, but earlier release notes for version 5.9.1 issued on 20 December 2021 indicated the big had been fixed, though no explanation as to why the bug presented itself, or what was done with recordings.
Numerous users also reported the bug persisting even after updating to version 5.9.1 and complaints persisted well into January 2022, long after even the 5.9.3 patch was released. IT Pro will update this story if Zoom provides clarity on the issues.
At the time, users commenting on the community support thread voiced their concerns around privacy, re-iterating their experience with Zoom’s privacy issues in years gone by. One user said: “This is [a] major privacy breach and I am considering dropping Zoom and asking my IT department to replace Zoom with a more secure option”.
The incident prompted Apple to roll out a silent update removing the web server from all Mac machines which followed Zoom’s own update achieving the same purpose. Apple said at the time that no user intervention was required to enable the update but IT Pro’s testing, at the time, showed the issue persisted until the user rebooted their machine.
The company also settled a case with the Federal Trade Commission (FTC) in 2020 after the claims it made about the use of end-to-end encryption (E2EE) on its platform, which was used by governments and local authorities during the pandemic, turned out to be false.