Mitigating Zoom and RingCentral Zero-day Vulnerabilities with Addigy

Vulnerability Overview

On Monday, July 8th, 2019, a Zero-day vulnerability was announced by Security Researcher, Jonathan Leitschuh, that explained how Zoom and RingCentral meetings applications can allow any website to forcibly join a user to a Zoom/RingCentral meeting and activate their video camera, with no end-user approval required.

Find Jonathan’s full writeup on the vulnerability here. You are welcome ?.

Update Note 7/10/2019: Apple pushes silent and automatic upgrade to macOS Devices. More info here.

Update Note 7/9/2019: Zoom has recommended to update to their latest version (4.4.53932.0709) for the latest version that fixes this vulnerability.

How To Protect Your Devices

1. Disable your webcam in Zoom/RingCentral meetings and/or use a webcam cover if you don’t have one:

2. Copy the Addigy community script “Patch Zoom vulnerability” and instantly deploy it across your fleet:

P.S. Big thank you to Addigy community member @Shawn Maddock for the script submission!

Now What?

Zoom is a widely-adopted, remote meeting solution used by organizations around the world. Balancing the need for user privacy and security with convenient features, such as shareable remote meeting links, has become highly challenging. Addigy can help you identify and mitigate the risks associated with this vulnerability, as well as many others. Our Custom Scripts and Custom Facts engine allows you to easily collect any device data that can then be used to send alerts and trigger automated remediation.

Creating a Seamless On-Boarding Experience with Google Single Sign-On

As the catalog of cloud platforms continues to expand every year, the importance of Single Sign-On (SSO) becomes ever more important. Without SSO, we find users trying to manage multiple passwords and identities across various platforms and with several login options throughout, the possibilities of passwords being compromised along with IT support requests to recover/reset passwords increase. The Addigy team is pleased to announce our SSO integration with one of the world’s most successful and utilized identity solutions: Google.

SAML 2.0

At the heart of every SSO experience is strong and secure technology. Security Assertion Markup Language 2.0 (SAML 2.0), is used for exchanging authorization and authentication data between Identity Providers (IdPs) such as Google Suite, and Service Providers (SPs) such as Addigy. SAML 2.0 enables a cross-domain SSO by leveraging an XML-based protocol that uses security tokens and assertions to send information about a user from the IdP to the SP. This process reduces the need for administrators to manage multiple passwords/tokens for a single user. The user can instead leverage their Identity Provider credentials to authenticate across multiple Service Providers.

Single Sign-On

With the introduction of our latest feature, your team will be able to log directly into the Addigy console without having to set up a password! Once configured, your admins can simply click on the Addigy icon from their Identity Provider Apps page and they will be immediately redirected into the Addigy console. No additional steps required—it’s that easy.

Easy Onboarding with JIT Provisioning

Once admins attempt SSO into Addigy, we first check if that email is already assigned to an organization, and if so, we simply log you into that organization so you can get straight to work. If your account has not yet been created, don’t fret, Addigy will recognize that the user account does not exist and it will create it for you, Just-In-Time! You’ll spend less time juggling user identities and more time pursuing business objectives. Onboarding has never been more simple!

Identity Lifecycle Management

Addigy’s introduction of Google SSO is only the first step in supporting your Identity Lifecycle Management. It is the key to be able to onboard new admins rapidly, keep their login data synced across various platforms, distribute privileges, and deauthorize them just as fast. Onboarding new admins into Addigy has never been this smooth.

Want to learn more? Check out our Knowledge Base Article to get more information on configuring Single Sign-On for your organization.

Google SSO is just another way Addigy facilitates your Apple device management. Apple better with Addigy – FREE for 14 days!

Are You Prepared for Chrome Dropping Support for HTML Imports?

It’s the end-of-the-road for HTML Imports, one of the main components of Polymer 1 and 2. We’ve migrated to Vue.js. Here’s why…

Polymer’s Beginnings

On May 29th, 2015, Google officially introduced Polymer to the world. Developed by Google engineers, Polymer was an open-source library for creating web applications which allowed the use of web components. Polymer provided a way for developers to easily create custom HTML elements with both one and two-way data binding, computed properties, and HTML imports. Polymer was widely adopted by the SaaS community. The new version of Chrome (version 73) will no longer support HTML imports and Google has been notifying developers that HTML imports are deprecated. A lot of software written in Polymer 1 and 2 took advantage of Chrome’s support of HTML imports, and those will no longer work natively.

What This Means for You & Your Organization?

Polymer became popular when it was introduced, and many web-based platforms were written in it to take advantage of HTML imports. These included on-premise web platforms and large cloud platforms that cannot easily shift their infrastructure… this means your organization is likely at risk of web tools that will stop working next month.

Addigy has spent thousands of engineering hours making the architectural enhancements to migrate off of Polymer to ensure the best transition for our customers.  Although not every javascript platform uses Polymer 1 or 2, many do, and it has not been widely marketed that HTML Imports will not be supported later this month.  One of the few ways to know is leveraging the Google Chrome Console which posts a blunt warning of components that will be deprecated:

The End-of-the-Line for Polymer

In October 2018, Google made a shaking announcement to the Polymer development world: Polymer would no longer support HTML imports and other core features, making any older Polymer projects inoperable in the future unless they included a polyfill. The end of Polymer was set for late March of 2019, and the race to migration began.

Out with the Old, In with the Vue

With Google’s announcement, we recognized that the conclusion of Chrome’s support for HTML imports was also the opportunity for development. The Addigy team prioritized the migration of our Polymer components into Vue, not only to safeguard our platform but to advance it as well. With the implementation of Vue, we now have a faster, more robust solution for building new features into Addigy – with the added benefit of much-improved UI/UX for our customers.

Benefits of Vue

The Vue library sits at a remarkably compact 20KB! That’s a 97% decrease from the Polymer framework. Maintaining a small size is crucial: this allows for rapid development, provides a more responsive user interface, and enables a more nimble experience when using Addigy on mobile devices.

The Vue framework leverages ES6 modules instead of HTML imports. This makes Addigy confident in Vue being supported across all browsers for many years to come. Vue’s flexibility allowed for seamless integration into our current platform while offering continued support of the web component structure we have grown to love.

New MDM Configurations

To kick-off the new Vue framework, we are pleased to announce support of two new MDM configurations built with Vue:

  • Login Items: Define applications to automatically launch at login
  • Finder:  Control Finder actions such as disk burning and drive visibility on the desktop

 

Our goal is to constantly innovate with our customers in mind.  Our Vue migration is yet another way you can Apple better with Addigy. Try all of our leading-edge features  FREE for 14 days!

Bye-bye Bandwidth Draining, Hello LANCache

High Availability Caching

As IT Admins, pushing hundreds of files to the machines that we manage is all too familiar. Feeding these large files, such as those from Adobe and Microsoft Office Suite, can cause us to tax the bandwidth of our sites. While some sites enjoy the luxury of unlimited 1Gb download speeds, other sites suffer from not only slower speeds, but have a data usage cap they must stay within to avoid surplus charges. Addigy prioritizes keeping costs low and large deployments efficient, which is why we are delighted to announce improvements to our zero-touch, high-availability caching utility: Addigy LANCache.

Save your Bandwidth and Increase Deployment Efficiency

Addigy’s LANCache does not require you to trade the speed or efficiency of your deployments to save bandwidth on your site. LANCache allows all Addigy-enabled machines on your network to share files through the LAN, instead of reaching out of the network and draining that valuable bandwidth. LANCache uses an industry-first algorithm to identify the best machines for caching on the network, does not require a dedicated caching server, and finds the optimum routes for file distribution to increase download speeds across all file deployments. If this didn’t convince you yet, just keep reading below for even more awesome features.

Forget your Static Caching Server

Addigy’s LANCache requires zero configuration to get started and comes at no extra cost for Addigy customers. Yes, you read that right! Our premier algorithm weighs all machines on the network by hardware specs, speed tests, and custom values that you can set to dictate which machine should be used as the primary caching server.

Smart Fallback

Because we use a weighted algorithm approach, you never have to worry about your static server dying on you and your devices reaching outside of the network. Addigy’s LANCache will simply find the next best machine on the network to use as a caching server. It’s that simple.

No Dedicated Machine Needed

Dedicated machines to handle caching are a thing of the past. With Addigy LANCache, all your machines work together to bring you the low-cost and high-efficiency that your network needs.

More details on managing the Addigy LANCache utility.

Save bandwidth and increase deployment efficiency with Addigy LANCache included at no extra cost.

Try us FREE for 14 days and see how you can Apple better with Addigy.