Script to fix the Zoom vulnerability described in CVE-2019-13450: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13450
#!/bin/bash
# The script is designed to address the Zoom vulnerabilities described in CVE-2019-13450:
# https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13450
#
# In the Zoom Client through 4.4.4, RingCentral 7.0.136380.0312 and Zhumu 4.2.137102.0612 on macOS,
# remote attackers can force a user to join a video call with the video camera active.
# This occurs because any web site can interact with the Zoom web server on localhost port 19421 or 19424.
#
# NOTE: a machine remains vulnerable if the Zoom Client was installed in the past and then uninstalled.
# Blocking exploitation requires additional steps, such as the ZDisableVideo preference and/or killing the web server,
# deleting the ~/.zoomus directory, and creating a ~/.zoomus plain file.
#
# The script performs the following actions:
#
# Stops the ZoomOpener, RingCentralOpener and ZhumuOpener processes for the logged-in user.
#
# Sets /Library/Preferences/us.zoom.config.plist to disable Zoom video auto-connection.
#
# Checks the existing user folders in /Users for the presence of the Library/Preferences directory.
# Once the Library/Preferences directory is located, the script sets the individual user's
# ~/Library/Preferences/us.zoom.config.plist to disable Zoom video auto-connection.
#
# Next, the script checks for the presence of the .zoomus, .ringcentralopener
# and .zhumuopener directories in users' home folders.
# If these directories are detected, the following actions take place:
#
# If present, the .zoomus directory is deleted.
# A file named .zoomus is created.
# The .zoomus file is set to be unreadable and unwritable.
# The .zoomus file is set to be owned by the owner of the home folder.
#
# If present, the .ringcentralopener directory is deleted.
# A file named .ringcentralopener is created.
# The .ringcentralopener file is set to be unreadable and unwritable.
# The .ringcentralopener file is set to be owned by the owner of the home folder.
#
# If present, the .zhumuopener directory is deleted.
# A file named .zhumuopener is created.
# The .zhumuopener file is set to be unreadable and unwritable.
# The .zhumuopener file is set to be owned by the owner of the home folder.
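# Checks to see if any user accounts are currently logged into the console
# (AKA logged into the GUI via the OS loginwindow).
users_logged_in_at_loginwindow=$(who | grep console)

# If a user is logged in, stop the existing ZoomOpener, RingCentralOpener, and
# ZhumuOpener processes for the logged-in user.
if [[ -n "$users_logged_in_at_loginwindow" ]]; then
  # Identify the logged-in user from the ConsoleUser record; the awk filter
  # drops the "loginwindow" pseudo-user so a machine sitting at the login
  # screen yields an empty name rather than a bogus account.
  logged_in_user=$(scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ { print $3 }')
  # Only resolve the UID and kill processes when a real account name came back;
  # an empty name would otherwise make `id -u` fail and hand launchctl an
  # empty UID argument.
  if [[ -n "$logged_in_user" ]] && logged_in_user_uid=$(id -u "$logged_in_user" 2>/dev/null); then
    # pkill exits non-zero when nothing matched; that is the normal case on a
    # machine where the opener is not running and is not treated as an error.
    for opener_process in ZoomOpener RingCentralOpener ZhumuOpener; do
      /bin/launchctl asuser "$logged_in_user_uid" /usr/bin/pkill "$opener_process"
    done
  else
    echo "Unable to determine the console user; skipping the opener process cleanup." >&2
  fi
else
  echo "No user accounts are logged in at the login window."
fi

# Applies setting to /Library/Preferences/us.zoom.config.plist to
# prevent Zoom from auto-connecting to video request.
/usr/bin/defaults write /Library/Preferences/us.zoom.config.plist ZDisableVideo 1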
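#######################################
# Applies the deletion, creation and ownership changes for the .zoomus,
# .ringcentralopener and .zhumuopener directories.
#
# Only acts when the target exists as a directory: the directory is removed,
# replaced by an empty regular file of the same name, set to mode 000, and
# handed to the home folder's owner. When the target is absent nothing is
# created.
#
# Globals (read):
#   USER_HOME                 - home folder currently being processed
#   USER_UID                  - owner to assign to the replacement file; the
#                               caller sets this to the home folder's basename
#                               (an account name), not a numeric UID
#   stop_zoom_local_webserver - name of the dot-directory to replace
# Returns:
#   0 when nothing needed doing or every step succeeded; otherwise the exit
#   status of the first command that failed.
#######################################
StopZoomWebServer () {
  # ${var:?} aborts the script if either global is empty or unset. Without
  # this guard an empty stop_zoom_local_webserver would turn the rm -rf below
  # into "rm -rf /Users/<home>/" and an empty USER_HOME into a root-relative
  # path.
  local target
  target="${USER_HOME:?USER_HOME is not set}/${stop_zoom_local_webserver:?stop_zoom_local_webserver is not set}"

  if [[ -d "$target" ]]; then
    # Each step depends on the previous one, so stop at the first failure
    # rather than e.g. chmod-ing a file that was never created.
    /bin/rm -rf "$target" || return
    /usr/bin/touch "$target" || return
    /bin/chmod 000 "$target" || return
    /usr/sbin/chown "${USER_UID}" "$target" || return
  fi
  return 0
}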
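# Walk every home folder under /Users. USER_HOME and USER_UID stay global
# because StopZoomWebServer reads them; USER_UID holds the folder's basename
# (an account name, which chown accepts), not a numeric UID.
for USER_HOME in /Users/*; do
  # Skip anything that is not a directory. This also covers an unmatched glob,
  # which leaves the literal "/Users/*" in USER_HOME.
  [[ -d "$USER_HOME" ]] || continue
  USER_UID=${USER_HOME##*/}
  # /Users/Shared is not an account home folder.
  [[ "$USER_UID" == "Shared" ]] && continue

  # Per-user preference: disable video auto-connection, then hand the plist
  # back to the account, since `defaults write` may have just created it
  # under the identity this script runs as (presumably root; verify).
  if [[ -d "${USER_HOME}/Library/Preferences" ]]; then
    /usr/bin/defaults write "${USER_HOME}/Library/Preferences/us.zoom.config.plist" ZDisableVideo 1
    /usr/sbin/chown "${USER_UID}" "${USER_HOME}/Library/Preferences/us.zoom.config.plist"
  fi

  # Replace each opener's dot-directory with an unreadable placeholder file.
  for stop_zoom_local_webserver in .zoomus .ringcentralopener .zhumuopener; do
    StopZoomWebServer
  done
done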