I imagine many in #infosec will conclude the ends justify the means, and I imagine most Apple users won't care, but I still think silently pushing non-interactive 3rd-party app updates to consumer devices is creepy: https://techcrunch.com/2019/07/10/apple-silent-update-zoom-app/
That’s a toughie, because I’m the kind of person who wants to understand what each update is supposed to do before I install it. But if the update patches a critical vulnerability that could be exploited to spy on me or cause me harm, I would want it patched ASAP instead of leaving me exposed. I agree it’s creepy. Not sure what the answer is.
@dallin It's the silent, non-interactive part, combined with the fact that it's a 3rd party app the user installed independently, that makes it creepy. Prompting the user to update/patch would make it less creepy.
Yes, a prompt would be ideal.
@kyle They didn’t modify the app (that would be creepy); they pushed a new signature into OSX’s malware detector that disabled it (which is less creepy). By most definitions, Zoom’s Mac app *was* malware. The fact that Apple has the ability to arbitrarily block the use of software without giving users an override is a problem, but it’s a step below being able to arbitrarily patch an app.