Mitigating Zoom and RingCentral Zero-Day Vulnerabilities

Joel Cedano | 08/16/2019

Vulnerability Overview

On Monday, July 8th, 2019, security researcher Jonathan Leitschuh announced a zero-day vulnerability, explaining how the Zoom and RingCentral meeting applications can allow any website to forcibly join a user to a Zoom/RingCentral meeting and activate their video camera, with no end-user approval required.

Find Jonathan’s full writeup on the vulnerability here. You are welcome.

Update Note 7/10/2019: Apple pushes a silent and automatic upgrade to macOS devices. More info here.

Update Note 7/9/2019: Zoom has recommended updating to their latest version (4.4.53932.0709), which fixes this vulnerability.

How To Protect Your Devices

1. Disable your webcam in Zoom/RingCentral meetings and/or use a webcam cover if you don’t have one:

2. Copy the Addigy community script “Patch Zoom vulnerability” and instantly deploy it across your fleet:

P.S. Big thank you to Addigy community member @Shawn Maddock for the script submission!

Now What?

Zoom is a widely-adopted, remote meeting solution used by organizations around the world. Balancing the need for user privacy and security with convenient features, such as shareable remote meeting links, has become highly challenging. Addigy can help you identify and mitigate the risks associated with this vulnerability, as well as many others. Our Custom Scripts and Custom Facts engine allows you to easily collect any device data that can then be used to send alerts and trigger automated remediation.
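
A Custom Fact style check against the fixed version from the 7/9/2019 update note, as an added example that is not the Addigy community script or Addigy's own code: it classifies a reported Zoom version string as needs-update, up-to-date or unknown. The function names and status strings are assumptions, and how the installed version is collected is left to the fleet tool.

```shell
#!/bin/sh
# Added example: classify a reported Zoom version against the fixed build
# named in the 7/9/2019 update note. Names below are illustrative.
FIXED_VERSION="4.4.53932.0709"

# Strip leading zeros so a component like "0709" compares as decimal 709;
# shell arithmetic would otherwise reject it as invalid octal.
to_decimal() {
    n=$(printf '%s' "$1" | sed 's/^0*//')
    printf '%s' "${n:-0}"
}

# version_lt A B: returns 0 if A < B, 1 if A >= B, 2 if either is malformed.
version_lt() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 2 ;; esac
    case "$2" in ''|*[!0-9.]*|.*|*.|*..*) return 2 ;; esac
    left=$1 right=$2
    while [ -n "$left" ] || [ -n "$right" ]; do
        l=$(to_decimal "${left%%.*}")
        r=$(to_decimal "${right%%.*}")
        if [ "$l" -lt "$r" ]; then return 0; fi
        if [ "$l" -gt "$r" ]; then return 1; fi
        # Drop the component just compared; missing components count as 0.
        case "$left" in *.*) left=${left#*.} ;; *) left= ;; esac
        case "$right" in *.*) right=${right#*.} ;; *) right= ;; esac
    done
    return 1
}

# zoom_patch_status VERSION: prints needs-update, up-to-date, or unknown.
zoom_patch_status() {
    rc=0
    version_lt "$1" "$FIXED_VERSION" || rc=$?
    case "$rc" in
        0) echo "needs-update" ;;
        1) echo "up-to-date" ;;
        *) echo "unknown" ;;
    esac
}

# Command-line use: pass the version string collected from the device.
if [ "$#" -gt 0 ]; then zoom_patch_status "$1"; fi
```

A device reporting "unknown" should be treated as unverified rather than patched, since the version string could not be parsed.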
