Apple은 조용히 macOS를 다시 한 번 업데이트, Zoom 취약점 제거

ment 7/17 '19 posted 뉴스

• Zoom, RingCentral 또는 Zhumu를 제거해도 전용 웹 서버인 보조 소프트웨어는 제거되지 않습니다.

• 문제가 되고 있던 것은 타사 응용 프로그램을 시작할 때 Apple이 사용자의 승인을 필요로 하도록 구현한 새로운 팝업으로, Zoom은 이것을 피하고 싶었습니다.

• 이는 애플이 불쾌한 소프트웨어를 제거할 수있는 최상의 위치에 있다는 것을 의미합니다.

• Apple은 7 월 10 일에 Zoom의 추가 소프트웨어를 제거하기위한 최초의 자동 패치를 발표했습니다. 오늘의 업데이트는 본질적으로 동일한 완화의 일부입니다.

• Apple은 RingCentral 및 Zhumu가 자동으로 설치한 소프트웨어를 제거하기 위해 Mac에 조용한 보안 업데이트를 보냈다고 알려 왔습니다.

Apple is silently updating Macs again to remove insecure software from Zoom’s partners [www.theverge.com]

Zoom Spying Vulnerability: The Plot Thickens [securityboulevard.com]

Apple silently updates macOS again to address Zoom's insecure software in partner apps [www.idownloadblog.com]

Apple silently updates the macOS to remove the vulnerabilities by Zoom [appleosophy.com]

Apple pushes macOS update to thwart RingCentral and Zhumu [9to5mac.com]

Apple Pushes Another Automatic Mac Software Update to Address Further Zoom-Related Vulnerabilities [www.macrumors.com]

Apple is Quietly Updating Macs to Remove Software Installed by RingCentral, Zhumu [www.iphoneincanada.ca]

RingCentral And Zhumu Customers Were Also Affected By The Vulnerability Allowing Hackers To Hijack Your Mac's Camera [www.buzzfeednews.com]

Zoom RCE Flaw Also Affects Its Rebranded Versions RingCentral and Zhumu [thehackernews.com]

Apple is silently updating Macs again to remove insecure software from Zoom’s partners [www.theverge.com]

Zoom's scary webcam flaw also affects RingCentral and Zhumu [thenextweb.com]

newest replies popular replies

Open Wiki - Feel free to edit it. -

7/17 '19 answered

Zhumu has not yet released an update. Apple's silent automatic update, released July 10, does not remove RingCentral + Zhumu servers from Macs.
— nic nguyen (@itsnicolenguyen) July 15, 2019

RingCentral has an update patching the vuln users need to accept. If you've uninstalled RingCentral in the past, there's no easy way to remove the hidden web server. Lyons has detailed a technical fix here: https://t.co/oVb6KqAm9V
— nic nguyen (@itsnicolenguyen) July 15, 2019

RingCentral (and Zhumu, and likely all of Zoom’s white labels) are vulnerable to another, slightly different, RCE. They are not automatically removed by Apple.

CVE-2019-13576 & CVE-2019-13586

Follow these instructions to protect yourself: https://t.co/FVkyBM1efB pic.twitter.com/c66hvGb1wm
— Karan Lyons (@karanlyons) July 15, 2019

https://twitter.com/karanlyons/status/1150774712546385920

#PublicDisclosure of an #RCE in @RingCentral and Zhumu, both are white labels of @zoom_us.

All other @zoom_us white labels are assumed to be vulnerable.

These are not yet removed by @Apple. https://t.co/I47hV3Rb8t
— Jonathan Leitschuh (@JLLeitschuh) July 15, 2019

That Zoom vulnerability that allows attackers to initiate a video-enabled call without user consent? It affects RingCentral and Zhumu customers (both license Zoom) too, researcher @karanlyons found. https://t.co/ldNITQu3lP
— nic nguyen (@itsnicolenguyen) July 15, 2019

The Zoom saga continues. Turns out there are whitelabel apps that use its tech like RingCentral. Apple is silently and automatically patching Macs to patch partner software like it. https://t.co/frvyyaK6Oi
— Dieter Bohn (@backlon) July 16, 2019

Apple is silently updating Macs again to remove insecure software from Zoom’s partners https://t.co/BDi1agbVKk pic.twitter.com/lJjACwQlvS
— The Verge (@verge) July 16, 2019

A) I use Linux B) Only my phone has a camera (for security, several of Dell's business laptops can be ordered without a webcam) C) I hate elites and walled-garden communities: Zoom Spying Vulnerability: The Plot Thickens - Security Boulevard @RiCHi https://t.co/ktRo2qy2Iz
— Christine Hall (@BrideOfLinux) July 16, 2019

Last week, we learned that the @Zoom_us app for #macOS has a nasty bug, allowing a hacker to spy on you. But now we find there are white-label versions that come with the same bug.?

In today’s #SBBlogwatch at @securityblvd, we switch off all the Macs: https://t.co/6CFDtssYIU
— @Richi Jennings (@RiCHi) July 16, 2019

Apple confirmed to BuzzFeed News that it had released another silent update to Macs patching the vulnerability affecting Zoom's partner apps, incl. RingCentral + Zhumu https://t.co/LW71ah4K89
— nic nguyen (@itsnicolenguyen) July 16, 2019

Not Just #Zoom video conferencing software… it’s popular white-labelled rebranded versions — #RingCentral and Zhumu — also install a hidden local web-server on #macOS systems, which are also vulnerable to RCE and WebCam #privacy flawshttps://t.co/JLPTqz01of

PoC Video Released pic.twitter.com/osLtxludkO
— Swati Khandelwal (@Swati_THN) July 16, 2019

A vulnerable web server that gets automatically installed during the setup of certain #Video-#Conference-#Software can allow attackers to turn on users laptop's #Webcam and #Microphone remotely!

An #Alexa with additional video-function, so to say!https://t.co/tHgcBMj6lQ
— Pirate Security Conference (@PirateSecon) July 16, 2019

Zoom’s video conferencing security flaw also applies to RingCentral and Zhumu https://t.co/0tzYMPxe2X pic.twitter.com/aYouoz1DuI
— The Verge (@verge) July 15, 2019

Zoom's scary webcam flaw also affects RingCentral and Zhumu https://t.co/sjQPkZkN7I
— TNW (@thenextweb) July 16, 2019

Zoom's scary webcam flaw also affects RingCentral and Zhumu https://t.co/tInwR3czER
— TNW (@thenextweb) July 16, 2019

permanent link

Open Wiki - Feel free to edit it. -

7/17 '19 answered

Apple은 조용히 macOS를 다시 한 번 업데이트, Zoom 취약점 제거 https://t.co/PTdxNNJrIh
• Apple은 RingCentral 및 Zhumu가 자동으로 설치한 소프트웨어를 제거하기 위해 Mac에 조용한 보안 업데이트를 보냈다고 알려 왔습니다.
— editoy (@editoy) July 17, 2019

Apple is silently updating Macs again to remove insecure software from Zoom’s partners https://t.co/BDi1agbVKk pic.twitter.com/m49T0TCSf8
— The Verge (@verge) July 17, 2019

Zoom RCE Flaw Also Affects Its Rebranded Versions RingCentral and Zhumu https://t.co/ZMy3nGRTxA #Infosec pic.twitter.com/U76eGwK5ER
— #AI (@AI__TECH) July 16, 2019

Zoom’s video conferencing security flaw also applies to RingCentral and Zhumu #tech #irishbiz https://t.co/Dbgkesm6tF
— Trish Hegarty (@iniscomm) July 16, 2019

Zoom's scary webcam flaw also affects RingCentral and Zhumu https://t.co/n0weToV3he
— TNW (@thenextweb) July 17, 2019

Zoom's scary webcam flaw also affects RingCentral and Zhumu https://t.co/q13B7QxxFL
— TNW (@thenextweb) July 17, 2019

permanent link

Featured

Important Notice: Discontinuation of Our Wiki Service

Dear Valued Users,

We hope this message finds you well. We are writing to inform you of an important upcoming change to our services. After careful consideration and analysis, we have made the difficult decision to discontinue our wiki site, effective one month from 2024/04/30.

This was not an easy decision to make, as we understand the importance of the resources and community that have been built around our wiki. However, due to evolving market conditions and strategic realignments, we must redirect our resources and efforts towards other ventures that will allow us to serve you better in the future.

What This Means for You:

Access to Content: You will continue to have full access to all content on the wiki until the discontinuation date. We encourage you to save or migrate any content you wish to retain.
Final Date of Service: The wiki will become inaccessible starting 1st June 2024, after which all content will be permanently removed.

We are immensely grateful for the support and contributions of our user community throughout the years. The wiki is being retired, but our team will be back soon with new services and apps.

Thank you for being a part of our journey.

Warm regards,

editoy Inc.