Security researchers confirmed The Hacker News that RingCentral, used by over 350,000 businesses, and Zhumu, a Chinese version of Zoom, also runs a hidden local web server on users' computers, just like Zoom for macOS.
The controversial local web server that has been designed to offer an automatic click-to-join feature was found vulnerable to remote command injection attacks through 3rd-party websites.
Security researcher Jonathan Leitschuh initially provided a proof-of-concept demonstrating how the vulnerable web server could eventually allow attackers to turn on users laptop's webcam and microphone remotely.
The flaw was later escalated to remote code execution attack by another security researcher, Karan Lyons, who has now published a new video demonstration confirming the same RCE flaw in RingCentral and Zhumu for macOS users.
As explained in our previous article by Mohit Kumar, Apple released a silent update for its macOS users to remove the Zoom local web server (ZoomOpener daemon) for all users.
Therefore, users who are still using the RingCentral video conferencing software are highly recommended to update their systems to the latest patched version of the software.
"All users that have installed RingCentral Meetings on MacOS should accept the update. Please ensure that all RingCentral Meetings MacOS versions prior to v7.0.151508.0712 are removed," the company says.
"RingCentral is continuing to work on addressing the General Concern related to 'Video ON Concern' for additional platforms. We will continue to provide updates."
However, the software update could not protect former customers who are not using the software anymore but have the vulnerable web-server still activated on their systems unknowingly.
Those users are advised to remove the hidden web server manually by running commands provided by the researcher on GitHub.
However, the Chinese app Zhumu has not yet released a patch for their software, but users can still uninstall the server following the same terminal commands.
Update: Apple Update Removes Vulnerable Server Installed By 10 Zoom-Powered Software
Security researcher Karan confirmed The Hacker News that there are a total of 10 rebranded versions of Zoom software, listed below, available in the market, including RingCentral
Zhumu.
All these video conferencing software work in the way and contain the same vulnerabilities, leaving their users at risk of remote hacking as well.
- RingCentral
- Zhumu
- Telus Meetings
- BT Cloud Phone Meetings
- Office Suite HD Meeting
- AT&T Video Meetings
- BizConf
- Huihui
- UMeeting
- Zoom CN
Karan also confirmed that Apple's latest silent MTR (Malware Removal Tool) update 1.46 removes the vulnerable web server installed on users' Mac computers by any of the software as mentioned above.
