We regret to inform you that 3CX company has become victim to an attack on the product and the larger supply chain. Our highest priority is to be transparent in sharing details on what actions 3CX and we are taking in response to this incident and what we know to date, to decline the inconvenience it may cause.
On March 29th, 3CX received reports from a third party of a malicious actor exploiting a vulnerability in our product. We took immediate steps to investigate the incident, retaining Mandiant, leading global cybersecurity experts. Initial investigation suggested the incident was carried out by a highly experienced and knowledgeable hacker. 3CX are working closely with law enforcement and other authorities.
According to the situation and information that provided from 3CX, this is what recommended to do now:
Uninstall the 3CX Electron Desktop Application from all Windows or Mac OS computers.
Continue AV scans and EDR solutioning in your organization's networks for any potential malware with the latest signatures.
Switch to using the PWA web client app rather than Desktop App.
a. For installation, go to the 3CX Web Client
b. Click “Install 3CX” on top of your address bar. It doesn’t require installing any binary and runs within your browser sandbox.
As a token of gratitude for your patience and support, 3CX are extending customers’ subscriptions by 3 months free of charge. This extension will be applied automatically in the coming weeks.
We will stay on track of the following updates from 3CX and do our best to assist our customer, please do not hesitate to contact us if there is any issue.
...
中文 | English
3CX has issued a security vulnerability alert for its desktop application on March 29th. Both Windows and macOS versions of the current 3CX Desktop App are affected by this vulnerability.
| 附註 |
|---|
If you are currently running 3CX Desktop App on Windows or macOS, please remove the 3CX Desktop App from your computer immediately. |
For Windows:
Start
Type “Control Panel”, Enter
Select “Programs and Features”
Find 3CX Desktop App, select and press “Uninstall”.
For macOS:
Go to “Applications”
Tap on “3CX Desktop APP”
Right click then “Move to Bin”
Ensure that it isn’t also present on Desktop otherwise delete it from there as well.
Empty the Bin.
3CX is currently investigating this security vulnerability, and we will update this article with any further information. Please do not attempt to install the desktop application until further updates are available.
While the security vulnerability is being fixed, you can use the web-based version or the web app.
If you have any questions, please feel free to contact us at any time!