Mitigating Zoom and RingCentral Zero-day Vulnerabilities with Addigy

Vulnerability Overview

On Monday, July 8th, 2019, security researcher Jonathan Leitschuh announced a zero-day vulnerability in which the Zoom and RingCentral meeting applications allow any website to forcibly join a user to a Zoom/RingCentral meeting and activate their video camera, with no end-user approval required.

Find Jonathan’s full writeup on the vulnerability here. You are welcome.

Update Note 7/10/2019: Apple pushes a silent and automatic upgrade to macOS devices. More info here.

Update Note 7/9/2019: Zoom recommends updating to its latest version (4.4.53932.0709), which fixes this vulnerability.

How To Protect Your Devices

1. Disable your webcam in Zoom/RingCentral meetings and/or use a webcam cover if you don’t have one:

2. Copy the Addigy community script “Patch Zoom vulnerability” and instantly deploy it across your fleet:

P.S. Big thank you to Addigy community member @Shawn Maddock for the script submission!

Now What?

Zoom is a widely adopted remote meeting solution used by organizations around the world. Balancing the need for user privacy and security with convenient features, such as shareable remote meeting links, has become highly challenging. Addigy can help you identify and mitigate the risks associated with this vulnerability, as well as many others. Our Custom Scripts and Custom Facts engine allows you to easily collect any device data, which can then be used to send alerts and trigger automated remediation.
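To illustrate the "collect device data" half of that workflow, here is an added example (not Addigy's code and not the community script mentioned above) of a check a custom fact could run: it reports whether a Zoom version string is older than the fixed version 4.4.53932.0709 from the update note. The function names, the true/false/unknown output convention, and the idea that the caller passes in the installed version string are all assumptions.

```shell
#!/bin/bash
# Added example: fact-style check against the fixed Zoom version named in
# the 7/9/2019 update note. Function names and output values are hypothetical.

FIXED_VERSION="4.4.53932.0709"

# Succeeds only for four dot-separated numeric fields, e.g. 4.4.53932.0709.
is_valid_version() {
    printf '%s\n' "$1" | grep -Eq '^[0-9]+(\.[0-9]+){3}$'
}

# Print field $2 of version $1 with leading zeros stripped, so a field such
# as "0709" is always handled as decimal 709 and never as an octal literal.
version_field() {
    field=$(printf '%s\n' "$1" | cut -d. -f"$2" | sed 's/^0*//')
    printf '%s' "${field:-0}"
}

# Returns 0 if version $1 is older than version $2, 1 if equal or newer.
version_lt() {
    i=1
    while [ "$i" -le 4 ]; do
        a=$(version_field "$1" "$i")
        b=$(version_field "$2" "$i")
        if [ "$a" -lt "$b" ]; then return 0; fi
        if [ "$a" -gt "$b" ]; then return 1; fi
        i=$((i + 1))
    done
    return 1
}

# Fact value: "true" = older than the fix, "false" = at or above the fix,
# "unknown" = version missing or malformed, so the device needs a manual look.
zoom_needs_patch() {
    if ! is_valid_version "$1"; then
        echo "unknown"
    elif version_lt "$1" "$FIXED_VERSION"; then
        echo "true"
    else
        echo "false"
    fi
}

# When called with a version string (assumed to be read from the device by
# the caller), print the fact value.
if [ -n "${1:-}" ]; then
    zoom_needs_patch "$1"
fi
```

An alert keyed on "true" or "unknown" could then trigger the remediation script on only the devices that still need it.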

Addigy Community Center: Your One-Stop Hub for Evolving the Apple IT Ecosystem

Introducing Addigy’s Community Center

If you attended the Addigy Summit last month in Miami, you got a sneak peek under the Addigy product hood. If you missed the Summit, first, we hope you can join us next year, and second, buckle up because you’re in for a ride.

We’ve officially launched our Community Center in the Addigy platform—an arena of open source queries and scripts that users can leverage to create powerful monitoring and remediation workflows. We’re calling these Custom Device Facts and Scripts.

What are Custom Device Facts and Scripts?

A device fact is data that pertains to the devices in your environment, such as disk storage information, T2 Security Chip inventory count, or OS version. A custom device fact is the command that queries that information.

Scripts are actions that can be used in conjunction with your device facts, the “if this (fact), then do this (script)”. To pair a script with a fact, you’ll need to set up an alert.

Alerts allow you to create custom workflows with your device facts and scripts. With alerts, you can take action to manage and remediate your dynamic inventories.

Getting Started With a Few Use-Cases

You may find it useful to check your inventory of devices and see how many of them have an MDM profile locally enrolled (we sure do!). With the Has MDM script (fact) in the Community section of your Addigy account, you can automatically copy the code into your own catalog with a push of a button. Want to redeploy your MDM profile and prompt the end-user to approve it (script)? Just one more push of a button.

-or-

Check the firewall status of your users (fact) and enforce firewall policies for those out of compliance (script).

-or-

Monitor for malicious Google Chrome extensions (fact) and quarantine suspicious devices off of the network (script).

Coupled with systematic alerts, you’re wielding some serious power while saving valuable time.

Now That We’ve Primed the Canvas, Let’s See Your Work!

Wherever you are in your journey with Apple device management, you can immediately take advantage of Addigy’s Custom Device Facts and Scripts. The Community Center makes it extremely easy to begin creating and sharing Custom Device Facts and Scripts within the network of MacSysAdmins. Every item that’s available to copy goes through an approval process before it’s posted and has its own distinct and shareable link. Users are even able to rank and comment on posts, making them easier for you to sort through and use.

At our summit, we challenged attendees to roll up their sleeves, dig in to the Community Center, and start creating a library of shareable resources (admittedly, we dangled a carrot by offering a set of AirPods for the most engaging post). Now we’re looking at you. We’re giving away an iPad to the creator of the most copied Community fact or script this month. You’ve got through the end of April, so get coding!

Come check out the Community Center and all the other perks Addigy has to offer! Whether creating your own scripts or borrowing from others, automating workflows will save you time by offering endless customization options.
