As more security researchers look into the Zoom vulnerability issue, it now appears that Zhumu (Zoom’s affiliate for China) has a client for macOS with the same local webserver vulnerability as that previously discovered for Zoom’s and RingCentral’s clients for macOS.
For those wanting to manually remediate for all three clients, the following commands can be run:
The question at this point is: how many more Zoom variants are there out there? I hadn’t previously been aware of Zhumu or of Zoom’s business relationship with this company. Are there more?
I’ve updated my fix_zoom_vulnerability script to also address the Zhumu client. For more details, please see below the jump.
The script is available below and on my GitHub repo:
https://github.com/rtrouton/rtrouton_scripts/tree/master/rtrouton_scripts/fix_zoom_vulnerability
This script is also available as a payload-free package on my GitHub repo. It can be downloaded from the payload_free_package directory at the link above.