Enterprise communications software maker 3CX has confirmed that multiple versions of its desktop app for Windows and macOS are affected by a supply chain attack. The version numbers include 18.12.407 and 18.12.416 for Windows and 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 for macOS. The company said it's engaging the services of Google-owned Mandiant to review the incident. In the interim, it's urging its customers of self-hosted and on-premise versions of the software to update to version 18.12.422. "3CX Hosted and StartUP users do not need to update their servers as we will be updating them over the night automatically," 3CX CEO Nick Galea said in a blog post. "Servers will be restarted and the new Electron App MSI/DMG will be installed on the server." Evidence available so far points to either a compromise of 3CX's software build pipeline to distribute Windows and macOS versions of the app package, or alternatively, the poisoning of an upstream dependency. The scale of the attack is currently unknown. The earliest period of potentially malicious activity is said to have been detected on or around March 22, 2023, according to a post on the 3CX forum, although preparations for the sophisticated campaign commenced no later than February 2022. This news is concerning for a few reasons. First, because the scale of the attack is unknown, we don't know how many people could be affected. Second, the earliest period of potentially malicious activity was detected almost a year ago, which means that the attackers have had a lot of time to do damage. Fortunately, 3CX is taking the situation seriously and has engaged the services of Google-owned Mandiant to review the incident. In the meantime, the company is urging its customers to update to the latest version of the software. 3CX Hosted and StartUP users don't need to take any action, as the company will be updating their servers automatically. If you're a 3CX customer, make sure you're running the latest version of the software. And even if you're not a 3CX customer, this news is a reminder to always stay up-to-date on security patches and updates for all the software you use.
top of page
bottom of page