Earlier this month, the popular video conferencing application for macOS devices, Zoom, was found to have a severe flaw that would allow an attacker to spy on a user’s webcam at their leisure. The same vulnerabilities were found on two rebranded versions named RingCentral, which is used by over 350,000 businesses, and Zhumu, the Chinese version also affecting users on macOS. The flaw stems from a hidden local web server that is downloaded with the application. Even if the app is removed, the hidden web server remains on the user’s system. Mac has addressed the issue by disabling the original Zoom app but has not disabled the other versions. The original proof of concept (POC) video shows how an attacker could turn on the victim’s webcam and microphone remotely. This flaw was later escalated to allow remote code execution attacks by another researcher. RingCentral has released an updated version that patches the vulnerability by removing the webserver. However, the Chinese version, Zhumu, has yet to release an update. The software updates are not capable of helping customers who have removed the programs from their system.
Analyst Notes
Users of the RingCentral app are highly recommended to download the new version as soon as possible. This download can be found from the RingCentral homepage of the updater on Mac systems. Users who have removed the original Zoom app or the RingCentral app will have to remove the hidden webserver manually.
