As BuzzFeed reports, security researcher Karan Lyons published evidence of yet more video conferencing apps that could be maliciously opened with their cameras turned on due to a security flaw. The apps this time are RingCentral and a Chinese app called Zhumu. If you are a Mac user who has ever installed either app and then visited a malicious website, it would be possible for code embedded in an iframe to automatically open up a video conference that turns your webcam on. Both actually use Zoom's technology behind the scenes
If you are a user of RingCentral, you should update your app ASAP, as the latest patch includes a fix for this issue. If you are a former user, then you are going to need to do a little more work to check your computer. Like Zoom before, RingCentral installed a daemon on your computer that listens for remote calls and is not removed in a typical uninstall process. Lyons has published fixes for these apps on GitHub, and as before they involve some terminal commands. its mind and updated its own software to do the same. Apple's intervention was probably necessary because without it, users who had uninstalled the Zoom app would never have received Zoom's update that removes the leftover daemon. Lyons says it's likely that other white-labeled Zoom apps could have the same problem.
RingCentral (and Zhumu, and most likely all of Zoom's white labels) are vulnerable to another, slightly different, RCE.
CVE-2019-13576 & CVE-2019-13586
How to protect yourself: https://t.co/FVkyBM1efB
– Karan Lyons (@karanlyons) July 15, 2019
We've reached out to Apple to see if it intends to repeat itself and issue updates for RingCentral and Zhumu. Speaking to BuzzFeed, a RingCentral spokesperson said that the company has "taken immediate steps to mitigate these vulnerabilities for any customers who could be affected," but that to the company's knowledge the security flaw has not been exploited in the wild.