Security Alert for 3CX Windows & Mac Softphones on V18, Update 7
The 3CX Windows and Mac softphones shipped in Update 7, version numbers 18.12.407 & 18.12.416, includes a security issue. Anti Virus vendors have flagged the executable 3CXDesktopApp.exe and in many cases uninstalled it.
The issue appears to be one of the bundled libraries that were compiled into the Apps via GIT.
Domains Have Been Taken Down
The domains contacted by this compromised library have already been reported, with the majority taken down overnight. A github repository which listed them has also been shut down, effectively rendering it harmless.
Use the Web Client Instead!
It is strongly advised that you use the web client instead as it’s completely web based and does 95% of what the Windows and Mac softphones do. The advantage is that it does not require any installation or updating and chrome web security is applied automatically.
Check the 3CX Forum for ongoing updates.