
The same security vulnerabilities that were recently reported in Zoom for macOS also affect two other popular video conferencing applications that, under the hood, are just rebranded versions of the Zoom video conferencing software.

Security researchers confirmed to The Hacker News that RingCentral, used by over 350,000 businesses, and Zhumu, a Chinese version of Zoom, also run a hidden local web server on users’ computers, just like Zoom for macOS.

The controversial local web server, which was designed to offer an automatic click-to-join feature, was found vulnerable to remote command injection attacks through third-party websites.

Security researcher Jonathan Leitschuh initially provided a proof-of-concept demonstrating how the vulnerable web server could eventually allow attackers to remotely turn on the webcam and microphone of a user's laptop.

The flaw was later escalated to a remote code execution attack by another security researcher, Karan Lyons, who has now published a new video demonstration confirming the same RCE flaw in RingCentral and Zhumu for macOS users.

images from Hacker News