OfficeSuite HD Meeting MAC User Security Issue Update.

WindstreamEnterprise

Zoom is our underlying platform partner for our OfficeSuite HD Meeting service, and a recent article raised concerns about Zoom and Zoom software partners' video experience. The author's concern is whether an attacker is able to trick targeted OfficeSuite HD Meeting MAC users into clicking a web link to the attacker’s OfficeSuite HD Meeting URL. If tricked, the target user could unknowingly join the attacker’s OfficeSuite HD Meeting session, allowing the attacker to view their webcam.
 
It is very important to note that there has been no indication that this has ever happened. Even still, Zoom and Windstream are taking precautions to ensure that it does not happen in the future.

Who May be Impacted? Apple MAC Users with OfficeSuite HD Meeting licenses

What caused the security concern?

Apple introduced a change to its Safari 12 (macOS version 10.14 or higher) that required the OfficeSuite HD Meeting user to confirm they wanted to start the OfficeSuite HD Meeting client prior to joining every meeting. Our partner, Zoom, created a local web server that enabled users to avoid the extra click before joining every meeting. 
 
What steps are Windstream and our partner Zoom taking to mitigate this security concern?

Step 1: July 11(Complete) 
Users are no longer allowed to cross launch the OfficeSuite HD Meeting App when using Safari 12 (macOS version 10.14 or higher). MAC users now need to log in to the OfficeSuite HD Meeting MAC client first, then join into meeting.

Step 2: July 16 (Complete)

Our OfficeSuite HD Meeting service platform partner (Zoom) submitted the patch to Apple. We are currently awaiting confirmation the patch has been pushed to MAC users.  Apple's patch will remove a file that is listening for OfficeSuite HD Meeting URLs to launch OfficeSuite HD Meeting sessions. The file that is being removed is in a folder that will be set to read-only.

Step 3: PENDING (Action required by MAC Users who have an OfficeSuite HD Meeting license)

• A new MAC desktop client will be released shortly.  Once released, MAC users will be prompted to upgrade when they log into their HD Meeting desktop client.  The MAC user should follow the prompts to complete the upgrade process.

After Step 3 has completed, MAC users can make the following changes to their OfficeSuite HD Meeting settings

• Returning users can update their video preferences and set video to OFF by default at any time through the OfficeSuite HD Meeting client settings. 

• First-time users who select the “Always turn off my video” box will automatically have their video preference saved as their default. The selection will automatically be applied to the user’s OfficeSuite HD Meeting client settings and their video will be OFF by default for all future meetings.

Gregg Collins

Thanks for this assurance to our users!