Mitigating Zoom and RingCentral Zero-Day Vulnerabilities

Joel Cedano
August 16, 2019

Vulnerability Overview

On Monday, July 8th, 2019, security researcher Jonathan Leitschuh announced a zero-day vulnerability in the Zoom and RingCentral meeting applications that allows any website to forcibly join a user to a Zoom/RingCentral meeting and activate their video camera, with no end-user approval required.

Find Jonathan’s full writeup on the vulnerability here. You are welcome.

Update Note 7/10/2019: Apple pushes a silent and automatic upgrade to macOS devices. More info here.

Update Note 7/9/2019: Zoom recommends updating to its latest version (4.4.53932.0709), which fixes this vulnerability.

How To Protect Your Devices

1. Disable your webcam in Zoom/RingCentral meetings and/or use a webcam cover (get one if you don’t have one):

2. Copy the Addigy community script “Patch Zoom vulnerability” and instantly deploy it across your fleet:

P.S. Big thank you to Addigy community member @Shawn Maddock for the script submission!

Now What?

Zoom is a widely-adopted, remote meeting solution used by organizations around the world. Balancing the need for user privacy and security with convenient features, such as shareable remote meeting links, has become highly challenging. Addigy can help you identify and mitigate the risks associated with this vulnerability, as well as many others. Our Custom Scripts and Custom Facts engine allows you to easily collect any device data that can then be used to send alerts and trigger automated remediation.
