RingCentral and Zhumu video conferencing services have the same critical vulnerability as Zoom

Security researcher Karan Lyons reported a serious vulnerability in RingCentral video conferencing services (used by 350,000 organizations) and Zhumu (in fact, it is Chinese version of Zoom).

Thanks to it, attackers could gain access to cameras and microphones of laptops.

RingCentral (and Zhumu, and likely all of Zoom’s white labels are vulnerable to another, slightly different, RCE. They are not automatically removed by Apple”, — reported Karan Lyons.

Both RingCentral and Zhumu use a licensed Zoom technology, in which was previously discovered a vulnerability. This enables a webcam without permission and connect a user to the Zoom video conference.

As in the case of Zoom, RingCentral installed a service on the computer that listened to calls and was not deleted during the usual uninstall of the application.

On July 9, Zoom released an update of its software, partially correcting the bug. On July 10, Apple released an automatic update for Mac computers that removes the hidden Zoom web server. Lyons suggested that a similar problem could arise in other applications using Zoom, so he published a fix for all three programs on GitHub.

RingCentral has released an update 7.0.151508.0712 for macOS, correcting the flaw. Zhumu has not released a patch to fix the vulnerability.
[Total: 0    Average: 0/5]
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Check Also

Iranian hackers use ZeroCleare

Iranian hackers used new ZeroCleare malware

IBM experts have revealed a new malware ZeroCleare, which created and used Iranian hackers. ZeroCleare …

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.