RingCentral and Zhumu video conferencing services have the same critical vulnerability as Zoom

Security researcher Karan Lyons reported a serious vulnerability in RingCentral video conferencing services (used by 350,000 organizations) and Zhumu (in fact, it is Chinese version of Zoom).

“RingCentral (and Zhumu, and likely all of Zoom’s white labels are vulnerable to another, slightly different, RCE. They are not automatically removed by Apple”, — reported Karan Lyons.

Both RingCentral and Zhumu use a licensed Zoom technology, in which was previously discovered a vulnerability. This enables a webcam without permission and connect a user to the Zoom video conference.

As in the case of Zoom, RingCentral installed a service on the computer that listened to calls and was not deleted during the usual uninstall of the application.

On July 9, Zoom released an update of its software, partially correcting the bug. On July 10, Apple released an automatic update for Mac computers that removes the hidden Zoom web server. Lyons suggested that a similar problem could arise in other applications using Zoom, so he published a fix for all three programs on GitHub.