3CX Security Alert

What Happened?

On March 29th, 3CX received reports from a third party of a malicious actor exploiting a vulnerability in their product.

Impact on our clients using 3CX ?

We have assessed our client base and with over 99% of clients either operating from traditional Yealink Handsets, the 3CX Web Client or using the Mobile 3CX app these people remain safe from any impact. For those running the 3CX Desktop app we are investigating whether they had the latest release and taking any necessary action.

For those running the Latest 3CX Desktop Client?

3CX’s advice is to uninstall the Desktop App and use either the WebClient or the PWA. 3CX believe that the legacy Windows softphone and mobile apps have not been affected.

Uninstall the Electron App

For Windows:

  1. Start Menu
  2. Type “Control Panel”, Press Enter
  3. Select “Programs and Features”
  4. Find 3CX Desktop App, select “Uninstall”
For Mac:

  1. Go to “Applications”
  2. Tap on “3CX Desktop APP”
  3. Right click then select “Move to Bin”
  4. Ensure that it isn’t also present on Desktop otherwise delete it from there as well
  5. Empty the Bin

Replace the Electron App with the older version found here

If you have any concerns then please call our office on 07 5499 0822

The official news 3CX press release can be found here