The disclosure doing the rounds this month is the Zoom one: the Mac client quietly ran a local web server so a webpage could pull you into a call, and crucially that server stuck around even after you uninstalled the app, ready to reinstall it. Apple ended up pushing a silent update to rip the leftover server out. I read the writeup with the particular discomfort of someone who has, at some point, shipped a background helper "to improve the experience".
What stuck with me wasn't the webcam angle, alarming as that is. It was the persistence. An application you removed left a process listening on localhost, and that was a deliberate decision to route around the browser asking the user a question. Every time a vendor decides a permission prompt is friction to be engineered away, this is roughly where it leads.
I went and looked at what was listening on my own machines that afternoon:
sudo lsof -iTCP -sTCP:LISTEN -P -n
Nothing as dramatic, but a couple of helpers I'd forgotten I'd ever installed. That's the real lesson for me. The fix here is a silent update from Apple, fine, but the habit it exposes (background services that outlive their app and exist to dodge a user prompt) is everywhere, and most of it never makes the news.