CVE-2019-13567 and


The application has a security flaw thanks to a hidden web server that is installed along with the application.

Affects versions of below: 4.4.53932.0709


The following patch should also mitigate:

This threat also affects RingCentral as this is powered by


Once installed, runs its own web server service.  This can be seen from running the following:

1 2 3 # lsof -i :19421 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME ZoomOpene 548 sholden 7u IPv4 0xb47db4cc976decf3 0t0 TCP localhost:19421 (LISTEN)

This process can be killed and even removed, but you may notice it re-instal.  To mitigate this security flaw either:

  • Update  to version 4.4.53932.0709 or above - removes the web service

  • Patch your macOS device with MRTConfigData version 1.45 or above - removes the web service



Updates may be downloaded from:

This page also hosts a download for managed deployment, labelled "Download for IT Admin".  With the use of a pre-configured supporting file, the software may be configured during installation:

As such, it should be possible to preset the video to be off, for example.  

  • Key: ZDisableVideo

  • Type: Boolean

  • Value: True

However, it appears that although the configuration plist file is placed in /Library/Preferences/, editing this file has no affect on the shown preference once the software is installed.  As such, consider re-isnstalling the software with this supporting file.

Update MRTConfigData

Apple have re-acted to this and have provided an update to their Malware Removal Tool.  Allowing this tool to update to version 1.45 or higher will remove the web service part of if it exists.

If devices are already configured to "Install system data files and security updates" then this should instal automatically.

However, if this option is disabled, FileWave is able to push the update as a Software Update Fileset.  Searching for MRTConfigData should show version 1.45 (041-84505)


It may be prudent to monitor the use of the software and devices to ensure they are protected.

FileWave already stores Application versions by default.  It is therefore possible to create an Inventory Query to show installations of

However, to report on the version of MRTConfigData would require a Custom Field which could be based upon:

1 defaults read /System/Library/CoreServices/ CFBundleShortVersionString