Zoom's scary webcam flaw also affects RingCentral and Zhumu (Updated)

2019-7-18 06:01 | Posted by: admin


Last week, video conferencing app Zoom had to make a major change to its service to fix a frightening webcam vulnerability. But new evidence disclosed by security researcher Karan Lyons shows that other conferencing apps like RingCentral and Zhumu are susceptible to the same issue.

This means that, if you’ve installed either of the two apps, a malicious website could potentially embed a meeting link that — upon visiting — would automatically open up a video conference that turns your webcam on.

RingCentral, in response, has issued an emergency patch (v7.0.151508.0712), while urging users to not click on meeting links from unknown sources.

Both RingCentral and Zhumu are powered by Zoom, with the former used by over 350,000 organizations. Zhumu, on the other hand, is essentially a Chinese version of the app, which Zoom bought in 2013.

Earlier last week, a disclosure by security researcher Jonathan Leitschuh revealed how Zoom installed a secret local web server on Mac devices — with an intent to save an extra click — but left users vulnerable by making it possible for an attacker to hijack their webcams.

To fix the flaw, Zoom released a patch that got rid of the local web server from Macs. In an unusual move, even Apple stepped in to remove the hidden server via an automatic update, noting it took the step “to protect users from the risks posed by the exposed web server.”

Leitschuh, in an update to his Medium post on July 9, had previously stated the vulnerability affected RingCentral as well.

“As far as I can tell this vulnerability also impacts Ringcentral. Ringcentral for their web conference system is a white labeled Zoom system,” Leitschuh said.

The incident highlights the issues that could stem from using white-labeled software. Although it’s much easier to license already available solutions, the problem is that if the provider has a flaw, every other company that reuses it suffers from the same security defect.

This makes it absolutely critical that vulnerability fixes are patched, distributed, adopted and installed in time.

Update on July 17, 9:30 AM IST: The Verge reports that Apple has deployed another silent security update to remove web servers installed by RingCentral and Zhumu. Like the update pushed last week, this one does not require any user interaction to install.

