I’m sure you’ve probably heard about the bad stuff that Zoom was doing.
Well, their installer is still up to mischief, so I basically wrote my own.
I wrote up the how-and-why here https://github.com/tjluoma/unpack-zoom
So far it’s only “lightly tested” but if others want to give it a try, I’m very open to feedback/suggestions, and I’m also willing to help out if folks want to use it but aren’t sure how.
If nothing else, hopefully it will get you to install Suspicious Package.app and set it as the default app for .pkg files, if you aren’t already. Details at the link above. Comments welcome here or at GitHub, whichever is easier.
Objective-See’s free BlockBlock utility (in beta, but I’ve been using it for months) caught Apple’s silent fix for the Zoom vulnerability.
MRTConfigData_10_14-1.45 (MRT is Apple’s built-in “Malware Removal Tool”) added “MACOS.354c063”, a new encoded signature & removal routine.
For future reference, if you want to be alerted when an app like Zoom turns on your camera then install Objective-See’s free Oversight app.
Patrick Wardle, who runs Objective-See, and who runs the Mac-security-focused Objective By The Sea conferences, is a former dev for the NSA who develops free security tools for the Mac, making a living in part from the 1500+ patrons at his Patreon account. (I’m one of them.)
@tjluoma your repo link is broken.
UGH. I had the repo set to private while I was setting it up, and forgot to reset it to public. It should be fixed now.
Apple is releasing a patch update.
Unless it’s a slow rollout, they did it already. My post above showed the alert I got when Apple pushed it the other day.
I’m interested in this “Apple pushed a silent Mac update…” thing. I wonder how often Apple does that. It’s fine to be proactive, but why be secretive? (“Silent” to me sounds like “secret” in this case.) I appreciate Apple’s proactive approach, and it’s good that there are utilities to catch this (as @bowline explained above), but why not just send an email to our iCloud accounts and say: “we found something that needed an immediate fix and took care of it for you – click here for details”?
I’d disagree. First, it was widely reported - just Google silent macos update and you’ll see a dozen or more articles on it. Second, Zoom told TechCrunch: “We’re happy to have worked with Apple on testing this update.”
I think Apple made the absolute right decision here, because otherwise it would have become a perma-bug had anyone previously (thought they’d) at any point deleted the app, because their Mac would have retained that problematic web server.
Apple does silent updates of various kinds all the time, for XProtect, GateKeeper, and Transparency, Consent, and Control (TCC) files. Aside from those files I remember a silent security update in January 2018 for systems running 10.12.6.
Probably the deluge of support calls.
A notification of the update might work better. People are used to notifications being innocuous and passing them off.
You misconstrued what I wrote. I absolutely believe Apple did the right thing. I also believe Apple should proactively tell users when our machines are changed – after all, isn’t failing to do that the accusation against Zoom? I’m not part of the 1% of users that you and others here seem to belong to who pay meticulous attention to Apple infrastructure news.
I always wanted to be one of the 1%…