Zhumu vulnerability and remediation

As more security researchers look into the Zoom vulnerability issue, it now appears that Zhumu (Zoom’s affiliate for China) has a client for macOS with the same local webserver vulnerability as that previously discovered for Zoom’s and RingCentral’s clients for macOS.

Note that Zhumu, the Chinese version of Zoom (same app, just runs from China servers) is equally vulnerable. Process is ZhumuOpen, port is 19433 – Hope someone pushes them to fix that, too.

— Steve Mushero (@stevemushero) July 9, 2019

For those wanting to manually remediate for all three clients, the following commands can be run:

	pkill "ZoomOpener"; rm -rf ~/.zoomus; touch ~/.zoomus && chmod 000 ~/.zoomus;
	pkill "RingCentralOpener"; rm -rf ~/.ringcentralopener; touch ~/.ringcentralopener && chmod 000 ~/.ringcentralopener;
	pkill "ZhumuOpener"; rm -rf ~/.zhumuopener; touch ~/.zhumuopener && chmod 000 ~/.zhumuopener;

view raw

gistfile1.txt

hosted with ❤ by GitHub

The question at this point is: how many more Zoom variants are there out there? I hadn’t previously been aware of Zhumu or of Zoom’s business relationship with this company. Are there more?

I’ve updated my fix_zoom_vulnerability script to also address the Zhumu client. For more details, please see below the jump.

Read more…