3CX DesktopApp Security Alert

We regret to inform our partners and customers that our Electron Windows App shipped in Update 7, version numbers 18.12.407 & 18.12.416, includes a security issue. Anti Virus vendors have flagged the executable 3CXDesktopApp.exe and in many cases uninstalled it. Electron Mac App version numbers 18.11.1213 shipped with Update 6, and 18.12.402, 18.12.407 & 18.12.416 in Update 7 are also affected.

The issue appears to be one of the bundled libraries that we compiled into the Windows Electron App via GIT. We’re still researching the matter to be able to provide a more in depth response later today. Here’s some information on what we’ve done so far.

Domains Have Been Taken Down
The domains contacted by this compromised library have already been reported, with the majority taken down overnight. A github repository which listed them has also been shut down, effectively rendering it harmless.

Worth mentioning – this appears to have been a targeted attack from an Advanced Persistent Threat, perhaps even state sponsored, that ran a complex supply chain attack and picked who would be downloading the next stages of their malware. The vast majority of systems, although they had the files dormant, were in fact never infected.

New Windows App in Progress
Currently, we’re working on a new Windows App that does not have the issue. We’ve also decided to issue a new certificate for this app. This will delay things by at least 24 hours so please bear with us.

Use the PWA App Instead!
We strongly suggest that you use our PWA app instead. The PWA app is completely web based and does 95% of what the electron app does. The advantage is that it does not require any installation or updating and chrome web security is applied automatically.

The reason we have two apps is that when we started the Electron App, the PWA technology was not available yet. Now it’s mature and working really well. More information on how to install it here.

We Are So Sorry
In the meantime we apologize profusely for what occurred and we will do everything in our power to make up for this error.

https://www.3cx.com/blog/news/desktopapp-security-alert/

About Telecoms-Channel

Telecoms-Channel.co.za is your one-stop source for the latest news and insights from the telecoms industry in South Africa, so that you get comprehensive coverage of the industry and keep up with the ever-evolving market landscape.

Whether you need to understand market trends, identify new opportunities, or stay informed of the latest developments, we have you covered. Check our favourite content here.

In addition to bringing the best news together, we have access to an extensive supplier network that makes it easy for any telecoms company looking to tap into new markets or enter the telecoms industry. With the comprehensive range of solutions available in the market, we help you to find the perfect combination to suit your business.

Take advantage of our expertise and contact us today to find your next partner!

About Telecoms-Channel

Telecoms-Channel.co.za is your one-stop source for the latest news and insights from the telecoms industry in South Africa, where you get comprehensive coverage of the industry and keep up with the ever-evolving market landscape.

Whether you need to understand market trends, identify new opportunities, or stay informed of the latest developments, we have you covered.

In addition to bringing the best news together, we have access to an extensive supplier network that makes it easy for any telecoms company looking to tap into new markets or enter the telecoms industry. Take advantage of our expertise and contact us today to find your next partner!

Other posts you might be interested in

Cloud PBX Solutions

Request Once, Get Multiple Quotes - Save Thousands!