The same security vulnerabilities that were recently reported in Zoom for macOS also affect two other popular video conferencing applications that, under the hood, are just rebranded versions of the Zoom video conferencing software.
Security researchers confirmed to The Hacker News that RingCentral, used by over 350,000 businesses, and Zhumu, a Chinese version of Zoom, also run a hidden local web server on users' computers, just like Zoom for macOS.
The controversial local web server, designed to offer an automatic click-to-join feature, was found vulnerable to remote command injection attacks through third-party websites.
Security researcher Jonathan Leitschuh initially provided a proof-of-concept demonstrating how the vulnerable web server could eventually allow attackers to turn on a user's laptop webcam and microphone remotely.
The flaw was later escalated to a remote code execution attack by another security researcher, Karan Lyons, who has now published a new video demonstration confirming the same RCE flaw in RingCentral and Zhumu for macOS users.
RingCentral has already released an updated version (v7.0.151508.0712) of its meeting app for macOS that patches both vulnerabilities by removing the vulnerable web server installed by the video conferencing software.
As explained in our previous article by Mohit Kumar, Apple released a silent update for its macOS users to remove the Zoom local web server (ZoomOpener daemon) for all users. However, Apple's update did not remove the local server installed by RingCentral and Zhumu.
Therefore, users who are still using the RingCentral video conferencing software are highly recommended to update their systems to the latest patched version of the software.
“All users that have installed RingCentral Meetings on MacOS should accept the update. Please ensure that all RingCentral Meetings MacOS versions prior to v7.0.151508.0712 are removed,” the company says.
“RingCentral is continuing to work on addressing the General Concern related to ‘Video ON Concern’ for additional platforms. We will continue to provide updates.”
However, the software update cannot protect former customers who no longer use the software but unknowingly still have the vulnerable web server active on their systems.
Those users are advised to remove the hidden web server manually by running the commands provided by the researcher on GitHub.
The Chinese app Zhumu, however, has not yet released a patch for its software, but users can still uninstall the server by following the same terminal commands.