Automatic software updates are now available for the desktop Zoom client on Windows and macOS, but it’s not available for Linux yet. Mobile devices can be automatically updated through app stores. Zoom says automatic updates will be on by default for most consumer users. However, users can configure the frequency of updates in Settings, under General, where there’s now a checkbox for ‘Automatically keep my Zoom up to date.’ See also: Managers aren’t worried about keeping their IT workers happy. That’s bad for everyone. The ‘Slow’ option is the default and means less frequent updates with a focus on stability. The ‘Fast’ option delivers the latest features and updates as soon as they’re available. “When critical security updates are involved, updates will go to everyone,” says Jeromie Clark, a Zoom technical product manager for security and privacy, in a blogpost. For enterprise, where Zoom might be installed on Windows via MSI packages or macOS PKG files, the automatic update setting for end-users is disabled. The option is available by default for clients in enterprises that deploy EXE of DMG packages. However, admins can disable the option. Zoom offers monthly feature updates and releases security updates as needed. “This update improves the existing experience and expands the intended audience to include all individual desktop client users who are not members of an enterprise organization,” says Clark. “Automatic updates help our users easily receive important security fixes and helpful features, improving their overall experience with the Zoom platform.” The first of these updates will be automatically applied this month, and it includes:
Updates for Zoom Meetings, offering enhanced slide manipulation capabilities to give presenters more control over meeting flow, new feedback opportunities for webinar polls, additional watermark settings for protected content, and attendance status indicators for tracking meeting participation.New customizations for Zoom Events, including automatic corporate matching for fundraisers, enhanced chat control flexibility for moderators, and support for new accessibility options like third-party closed captioning. Expanded Zoom Phone support for E911 services, bringing it into compliance with recent legislation on location tracking for first responders. It also includes new analytics for KPIs, such as missed call rates and average call time, and verification icons for incoming calls that comply with the STIR/SHAKEN standard.
The automatically applied patches will also help Zoom better react to discovered security flaws. One example of a security update: Zoom recently patched a flaw that affects Zoom for Windows, iOS, Android, Chrome OS, and Linux, as well as Zoom’s conferencing software and its Meeting SDK. Google Project Zero’s Natalie Silvanovich reported the bug. See also: The secret to being more creative at work? Why timing could be the key. The memory-related buffer overflow flaw, CVE-2021-34423, has a CVSS score of 7.3 out of 10 and allows a “malicious actor to crash the service or application, or leverage this vulnerability to execute arbitrary code,” according to Zoom’s advisory. It does not state whether the flaw is remotely exploitable. Silvanovich also reported a medium severity flaw that affects the Zoom client and app on all platforms. The bug exposes the state of process memory, potentially allowing an attacker to view memory. Zoom last week reported net income for the third quarter of $338.4 million and revenue of $1.051 billion. It has 2,507 customers contributing more than $100,000 each and 512,100 customers with more than 10 employees. Zoom is expecting full fiscal year revenue of between $4.079 billion and $4.081 billion.