As buzzfeed reports, security researcher Karan Lyons published evidence of more videoconferencing applications that can be opened maliciously with their cameras turned on due to a security breach. The applications this time are RingCentral and a Chinese app called Zhumu. If you are a Mac user who has already installed one or the other of these applications and then visited a malicious website, the embedded code in an iframe would automatically open a video conference that would turn on your webcam. Both are actually using Zoom-in-the-Box technology (essentially white labels), so the issues that have affected Zoom are also affecting them.
If you are a RingCentral user, you must update your application as soon as possible because the latest hotfix includes a fix for this problem. If you are a former user, then you will need to do a little more work to check your computer. Like Zoom In, RingCentral has installed a daemon on your computer that listens for remote calls and is not removed during a typical uninstallation process. Lyons has released patches for these applications on GitHub and, as before, they involve terminal commands.
With Zoom, Apple finally intervened to publish a global update on the Macs to remove the additional software Zoom – the day after Zoom himself finally changed his mind and updated its own software for do the same. Apple's intervention was probably necessary, otherwise users who uninstalled the Zoom application would never have received the update of Zoom that removes the remaining daemon. Lyons says that it is likely that other Zoom applications labeled in white could have the same problem.
RingCentral (and Zhumu, and probably all white Zoom labels) are vulnerable to another, slightly different, RCE. They are not automatically deleted by Apple.
CVE-2019-13576 and CVE-2019-13586
Follow these instructions to protect yourself: https://t.co/FVkyBM1efB pic.twitter.com/c66hvGb1wm
– Karan Lyons (@karanlyons) July 15, 2019
We contacted Apple to find out if she intended to repeat herself and publish updates for RingCentral and Zhumu. Talk to buzzfeedA spokesperson for RingCentral said the company had "taken immediate steps to mitigate these vulnerabilities for all potential customers," but to his knowledge the security breach had not been exploited. wild.