• Zoomopener

14 total Zoom Vulnerably / Exploit variants and a RCE Remote Code Execution found! Just when you had enough of the first Zoom Vulnerably, Apple released MRTConfigData 1.46 (now 1.47!) to deal with 14 total variants and a Remote Code Execution (RCE).I created this Index of MRT Links & Info to help you get through the confusion. Zoom is the leader in modern enterprise video communications, with an easy, reliable cloud platform for video and audio conferencing, chat, and webinars across mobile, desktop, and room systems. Zoom Rooms is the original software-based conference room solution used around the world in board, conference, huddle, and training rooms, as well as executive offices and classrooms. Founded in 2011.

Zoomopener

1. Report generated: 2019-03-25 09:10:49
2. Runtime: 1:35
3. Sandbox: Enabled
4. Description:
5. Anything that appears on this list needs immediate attention.
6. No Time Machine backup - Time Machine backup not found.
7. Kernel panics - This system has experienced kernel panics that could be related to 3rd party software.
8. Minor Issues:
9. These issues do not need immediate attention but they may indicate future problems or opportunities for improvement.
10. Configuration profiles present - This machine has configuration profiles. These are sometimes used by adware and malware.
11. Hardware Information:
12. MacBook Pro (13-inch, 2017, Four Thunderbolt 3 ports)
13. 1 3.3 GHz Intel Core i5 (i5-7287U) CPU: 2-core
14. BANK 0/DIMM0 - 8 GB LPDDR3 2133 ok
15. Battery: Health = Normal - Cycle count = 49
16. Video Information:
17. Color LCD 2880 x 1800
18. Drives:
19. disk0 - APPLE SSD AP0512J 500.28 GB (Solid State - TRIM: Yes)
20. disk0s1 - EFI [EFI] 315 MB
21. disk1 [APFS Virtual drive] 499.96 GB (Shared by 4 volumes)
22. disk1s2 - Preboot (APFS) [APFS Preboot] (Shared)
23. disk1s3 - Recovery (APFS) [Recovery] (Shared - 2.57 GB used)
24. disk1s4 - VM (APFS) [APFS VM] (Shared - 3.22 GB used)
25. Mounted Volumes:
26. APFS
27. Encrypted
28. disk1s3 - Recovery [Recovery] 499.96 GB (432.91 GB free)
29. Mount point: /Volumes/Recovery
30. disk1s4 - VM [APFS VM] (Shared - 3.22 GB used)
31. Mount point: /private/var/vm
32. disk2s1 - A******a 40 MB (33 MB free)
33. Disk Image
34. Owners enabled: No
35. Network:
36. Interface en0: Wi-Fi
37. Interface en7: Bluetooth PAN
38. macOS Mojave 10.14.3 (18D109)
39. This computer has configuration profiles installed.
40. Notifications:
41. /Applications/Microsoft Outlook.app
42. /Applications/EtreCheck.app
43. Gatekeeper: Enabled
44. None
45. Kernel Extensions:
46. gplock108.kext (4.0.2 - SDK 10.9)
47. pangpd_10.9.kext (Palo Alto Networks, 1.0.0 - SDK 10.9)
48. /Library/Extensions
49. b9kernel.kext (Carbon Black, Inc., 7.2.3.4000 Patch 12 - SDK 10.11)
50. CbOsxSensorNetmon.kext (Carbon Black, Inc., 6.2.3.90116 - SDK 10.14)
51. CbOsxSensorProcmon.kext (Carbon Black, Inc., 6.2.3.90116 - SDK 10.14)
52. /Library/Extensions/CbOsxSensorProcmon.kext/Contents/PlugIns
53. cbsystemproxy.kext (Carbon Black, Inc., 6.2.3.90116 - SDK 10.14)
54. /Library/Extensions/b9kernel.kext/Contents/PlugIns
55. b9kernelkauth.kext (Carbon Black, Inc., 7.2.3.4000 Patch 12 - SDK 10.11)
56. b9kernelsupport.kext (Carbon Black, Inc., 7.2.3.4000 Patch 12 - SDK 10.11)
57. b9systemproxy.kext (Carbon Black, Inc., 7.2.3.4000 Patch 12 - SDK 10.11)
58. System Launch Agents:
59. [Loaded] 157 Apple tasks
60. [Not Loaded] 33 Apple tasks
61. [Running] 134 Apple tasks
62. [Running] com.airwatch.mac.agent.plist (Wandering WiFi LLC - installed 2019-03-21)
63. [Running] com.bit9.Notifier.plist (Carbon Black, Inc. - installed 2019-01-09)
64. [Loaded] com.microsoft.update.agent.plist (Microsoft Corporation - installed 2019-03-14)
65. [Running] com.paloaltonetworks.gp.pangpa.plist (? e325755d - installed 2019-03-12)
66. [Running] com.paloaltonetworks.gp.pangps.plist (? ce949a03 - installed 2019-03-12)
67. [Running] com.spsecure.useragent.plist (Veriato, Inc. - installed 2019-01-09)
68. Launch Daemons:
69. [Running] com.airwatch.AWRemoteManagementDaemon.plist (Wandering WiFi LLC - installed 2018-10-09)
70. [Running] com.airwatch.AWRemoteTunnelAgent.plist (Wandering WiFi LLC - installed 2018-10-09)
71. [Loaded] com.airwatch.AWSoftwareUpdateScheduler.plist (Wandering WiFi LLC - installed 2019-03-21)
72. [Running] com.airwatch.airwatchd.plist (Wandering WiFi LLC - installed 2018-10-09)
73. [Running] com.airwatch.awcmd.plist (Wandering WiFi LLC - installed 2018-10-09)
74. [Loaded] com.apple.installer.osmessagetracing.plist (Apple - installed 2019-02-05)
75. [Running] com.bit9.Daemon.plist (Carbon Black, Inc. - installed 2019-01-09)
76. [Running] com.carbonblack.CbDigitalSignatureHelper.plist (Carbon Black, Inc. - installed 2019-01-16)
77. [Running] com.carbonblack.daemon.plist (Carbon Black, Inc. - installed 2019-01-16)
78. [Loaded] com.microsoft.OneDriveUpdaterDaemon.plist (Microsoft Corporation - installed 2019-01-09)
79. [Loaded] com.microsoft.autoupdate.helper.plist (Microsoft Corporation - installed 2019-03-14)
80. [Loaded] com.microsoft.office.licensingV2.helper.plist (Microsoft Corporation - installed 2017-07-02)
81. [Not Loaded] com.paloaltonetworks.gp.pangpsd.plist (? fcd5eb13 - installed 2019-03-12)
82. [Running] com.spsecure.daemon.plist (Veriato, Inc. - installed 2019-01-09)
83. User Launch Agents:
84. [Loaded] com.google.keystone.agent.plist (Google, Inc. - installed 2019-03-11)
85. User Login Items:
86. Enterprise Connect.app (Apple - installed 2019-01-09)
87. (Application - /Applications/Enterprise Connect.app)
88. OneDrive.app (Microsoft Corporation - installed 2019-03-12)
89. ZoomOpener.app (Zoom Video Communications, Inc. - installed 2018-12-16)
90. SharePointBrowserPlugin: 15.32 (Microsoft Corporation - installed 2017-03-09)
91. MeetingJoinPlugin: 1.0 (? - installed 2019-01-09)
92. User Internet Plug-ins:
93. ZoomUsPlugIn: 4.1.35374.1217 (Zoom Video Communications, Inc. - installed 2019-01-17)
94. CWSAssistantPlugin: 100 (? - installed 2018-12-11)
95. Audio Plug-ins:
96. AppleTimeSyncAudioClock: 1.0 (Apple - installed 2018-11-30)
97. BluetoothAudioPlugIn: 6.0.10 (Apple - installed 2019-02-27)
98. AppleAVBAudio: 710.1 (Apple - installed 2018-11-30)
99. BridgeAudioSP: 5.2 (Apple - installed 2019-02-27)
100. iSightAudio: 7.7.3 (Apple - installed 2018-11-30)
101. Time Machine:
102. System Load: 1.18 (1 min ago) 4.95 (5 min ago) 12.17 (15 min ago)
103. File system: 28.31 seconds
104. Read speed: 1685 MB/s
105. CPU Usage Snapshot:
106. System 3 %
107. Idle 93 %
108. Top Processes Snapshot by CPU:
109. Other processes 18.63 % (?)
110. OneDrive 1.67 % (Microsoft Corporation)
111. Google Chrome 0.58 % (Google, Inc.)
112. Top Processes Snapshot by Memory:
113. EtreCheck 581 MB (App Store)
114. Finder 220 MB (Apple)
115. Console 157 MB (Apple)
116. Top Processes Snapshot by Network Use:
117. mDNSResponder 8 MB / 7 MB (Apple)
118. CbOsxSensorService 16 KB / 269 KB (Carbon Black, Inc.)
119. netbiosd 48 KB / 33 KB (Apple)
120. Physical RAM: 16 GB
121. Free RAM: 5.47 GB
122. Cached files: 3.37 GB
123. Available RAM: 8.84 GB
124. Install Date Name (Version)
125. 2019-03-12 Bit9 Platform (7.2.3.4000)
126. 2019-03-13 LastPass (4.4.0)
127. 2019-03-13 Slack (3.3.8)
128. 2019-03-13 Microsoft OneNote (16.23.19030902)
129. 2019-03-13 Microsoft PowerPoint (16.23.19030902)
130. 2019-03-14 Microsoft AutoUpdate (4.9.19030902)
131. 2019-03-21 VMware Workspace ONE Intelligent Hub (3.3.0.498)
132. 2019-03-25 08:54:31 kcm Crash
133. Executable: /System/Library/PrivateFrameworks/Heimdal.framework/Helpers/kcm
134. dyld3 mode
135. Executable: /System/Library/PrivateFrameworks/MobileAccessoryUpdater.framework/Support/fud
136. objc_msgSend() selector name: setPluginInstance:withVersion:pluginName
137. dyld3 mode
138. Executable: /Applications/Microsoft Word.app
139. Performing @selector(terminate:) from sender NSMenuItem 0x600000d30900
140. 3rd party kernel extensions:
141. com.bit9.KernelKauth
142. com.bit9.SystemProxy.7.2.3f8
143. com.carbonblack.CbOsxSensorNetmon
144. com.paloaltonetworks.kext.pangpd
145. End of report