
The recently disclosed security flaw in the Zoom app was apparently not the only one. Although Apple responded in time and issued a silent system update, two more programs with the same vulnerability appeared right away.

macOS's approach to controlling how software uses hardware has always been exemplary. The latest version in particular strictly separates applications from peripherals such as the microphone or web camera: an application must ask the user for access before using them. But here comes a stumbling block, because access granted once can be used repeatedly.

A similar problem occurred with Zoom, an application focused on video conferencing. One of the security experts noticed the flaw and reported it to the developers and to Apple. Both companies then released fixes: Zoom shipped a patched version of the app and Apple pushed a silent security update.

The bug, which used a background web server to track a user through the webcam, appeared to be resolved and not to recur. But Karan Lyons, a colleague of the discoverer of the original vulnerability, searched further. He immediately found two other programs from the same industry that suffer from exactly the same vulnerability.

Are we going to tape over the camera like Windows users?
There are many apps like Zoom, and they share a common foundation

The RingCentral and Zhumu video conferencing applications are probably not popular in our country, but they are among the most popular in the world and over 350 companies rely on them. So this is a serious security threat.

There is a direct connection between Zoom, RingCentral and Zhumu. These are so-called "white label" applications, which in plain terms means they are rebranded and modified for another client. They share architecture and code behind the scenes, so they differ primarily in the user interface.

A macOS security update is likely to fall short for these and other copies of Zoom. Apple will probably have to develop a universal solution that checks whether installed applications are running their own web server in the background.

It will also be important to monitor whether remnants are left behind after such software is uninstalled, since attackers could then exploit them. Releasing a patch for every possible offshoot of the Zoom application could, in the worst case, mean that Apple ends up releasing dozens of similar system updates.
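The two checks described above (is something running its own web server in the background, and did it survive an uninstall) can be sketched by an administrator as follows. This is an added example, not code from Apple, Zoom or the article; the `confhelper` process, its port and path, and the list of trusted install roots are constructed assumptions.

```python
import subprocess

# Constructed sample of `lsof -nP -iTCP -sTCP:LISTEN` output; not from a real host.
SAMPLE_LSOF = """\
COMMAND     PID  USER   FD  TYPE DEVICE SIZE/OFF NODE NAME
launchd       1  root   9u  IPv4 0xa1      0t0  TCP *:22 (LISTEN)
rapportd    412 alice   4u  IPv4 0xa2      0t0  TCP *:49152 (LISTEN)
confhelper  733 alice   5u  IPv4 0xa3      0t0  TCP 127.0.0.1:18080 (LISTEN)
confhelper  733 alice   6u  IPv6 0xa4      0t0  TCP [::1]:18080 (LISTEN)
"""
# Constructed pid -> executable path map (e.g. collected with `ps -o comm= -p PID`).
SAMPLE_PATHS = {1: "/sbin/launchd", 412: "/usr/libexec/rapportd",
                733: "/Users/alice/.confhelper/confhelper"}
# Assumption: software installed the normal way lives under these roots.
TRUSTED_ROOTS = ("/System/", "/usr/", "/sbin/", "/Applications/")

def parse_listeners(text):
    """Parse lsof rows into dicts; skip the header and anything not in LISTEN state."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 10 or f[-1] != "(LISTEN)" or not f[1].isdigit():
            continue
        host, _, port = f[-2].rpartition(":")  # handles "*:22" and "[::1]:18080"
        rows.append({"command": f[0], "pid": int(f[1]), "user": f[2],
                     "host": host, "port": int(port)})
    return rows

def leftover_servers(rows, paths):
    """Return user-owned listeners whose binary is outside the trusted roots.

    A pid with no known path is also reported, with an empty 'exe'.
    """
    hits = {}
    for r in rows:
        exe = paths.get(r["pid"], "")
        if r["user"] == "root" or exe.startswith(TRUSTED_ROOTS):
            continue
        hit = hits.setdefault(r["pid"], {"command": r["command"], "exe": exe, "binds": set()})
        hit["binds"].add((r["host"], r["port"]))
    return hits

def live_lsof():
    """Run the real command on a Mac; parse_listeners() accepts its output unchanged."""
    return subprocess.run(["lsof", "-nP", "-iTCP", "-sTCP:LISTEN"],
                          capture_output=True, text=True).stdout

if __name__ == "__main__":
    for pid, hit in leftover_servers(parse_listeners(SAMPLE_LSOF), SAMPLE_PATHS).items():
        print(pid, hit["command"], hit["exe"], sorted(hit["binds"]))
```

A listener reported here is a lead to investigate rather than proof of a problem, since legitimate developer tools also open local ports from a home directory.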

Hopefully, we won't see a time when, like Windows laptop users, we tape over the webcams of our MacBooks and iMacs.

Source: 9to5Mac
