Follow the news of any security breach on Apple’s systems and the pattern is predictable.
They’re both troubling security issues.
When security researcher Jonathan Leitschuh first published his findings on the issue on July 8, he revealed that he’d first alerted Zoom to the security breach on March 8 and received no reply.
He tried again on March 26, pointing out a “quick fix” and saying he’d alert the public to the breach in 90 days.
Amazingly, Zoom waited until the last of those 90 days to do anything substantial, and even then it only implemented the quick fix and nothing more — which itself was promptly found to be vulnerable a few days later on July 7.
The vulnerability was made public on July 8, and the next day Zoom removed the web server from its app “via a prompted update.” From being made aware of the problem to finally removing the offending piece of software, Zoom took 105 days — almost three and a half months.