Following the revelation of a Zoom security vulnerability that potentially let hackers break into users’ webcams, similar problems have been found in two other video chat apps.
The conferencing services in question are RingCentral and Zhumu. The flaw means that malicious websites could potentially open up secret video conferences with anyone who has installed the apps.
Both services use Zoom’s technology. RingCentral already issued an emergency patch to solve the vulnerability. It also advises users not to click meeting links from any sources they don’t recognize.
As far as we’re aware, there’s currently no officially released Zhumu patch.
The Zoom vulnerability
The Zoom vulnerability was discovered by security researcher Jonathan Leitschuh. He noted that, “Any website [could] forcibly join a user to a Zoom call, with their video camera activated, without the user’s permission.”
Zoom hastily released a fix, which required users to update the software. Shortly thereafter, Apple issued its own patch to remove the vulnerability, without users needing to do anything.
Via: TNW