Tutorials: 3CX Security Alert

This alert affects versions 18.12.407 and 18.12.416 of the Electron Windows application shipped in Update 7, and versions 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 of the Electron macOS application.

You can easily check which users/extensions are using the DesktopApp, and whether they are on an affected version, by navigating to the 3CX Management Console, selecting the Phones tab, and searching for "DesktopApp".

Take note that this search only finds connected and running DesktopApps.

Windows:

On the affected user's computer, open Control Panel or run "appwiz.cpl".

Select "3CX Desktop App" and "Uninstall".

Select “Yes” when prompted.

You should see a progress bar.

For your notes, 3CX Desktop Application files are stored in:

C:\Users\<name>\AppData\Local\Programs\3CXDesktopApp
C:\Program Files\3CXDesktopApp\
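
To confirm what is present on a Windows machine before or after uninstalling, the following PowerShell sketch lists "3CX Desktop App" entries from the standard Windows uninstall registry keys, flags the affected Windows versions listed above, and reports any of the install folders above that still exist. It is an added example, not a script from 3CX or Voxtelesys, and it assumes the registry DisplayVersion value matches the version strings in this alert.

```powershell
# Added example: flag affected 3CX Desktop App installs on a Windows host.
# Affected Windows versions, as listed on this page.
$Affected = @('18.12.407', '18.12.416')

# Standard Windows uninstall registry locations (the entries appwiz.cpl lists).
# Note: HKCU covers only the user running the script.
$UninstallKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Test-AffectedVersion {
    param([string]$Version)
    # Assumption: DisplayVersion equals the advisory version string,
    # optionally followed by a further build component (for example ".0").
    foreach ($v in $Affected) {
        if ($Version -eq $v -or $Version -like "$v.*") { return $true }
    }
    return $false
}

# Registered installs whose display name matches the entry shown in appwiz.cpl.
$installs = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '3CX Desktop App*' } |
    ForEach-Object {
        [pscustomobject]@{
            Source   = 'Registry'
            Location = $_.PSPath -replace '^.*?::', ''
            Version  = $_.DisplayVersion
            Affected = Test-AffectedVersion $_.DisplayVersion
        }
    }

# Install folders from this page; the per-user path is expanded for every profile.
$dirs = @('C:\Program Files\3CXDesktopApp') +
    (Get-ChildItem 'C:\Users' -Directory -ErrorAction SilentlyContinue |
        ForEach-Object { Join-Path $_.FullName 'AppData\Local\Programs\3CXDesktopApp' })

# Folders that still exist (for example, left behind after an uninstall).
$leftovers = $dirs | Where-Object { Test-Path $_ } | ForEach-Object {
    [pscustomobject]@{ Source = 'Directory'; Location = $_; Version = $null; Affected = $null }
}

@($installs) + @($leftovers) | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt so that other users' profile folders are readable; an empty result means no matching registry entry or folder was found.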

Mac:

Go to “Applications”

Tap on “3CX Desktop App”

Right click then “Move to Bin”

Ensure that it isn’t also present on the Desktop; if it is, delete it from there as well.

Empty the Bin

3CX has issued a security notice that impacts the 3CX desktop app that was shipped with Update 7.

If your 3CX is hosted with Voxtelesys, we have NOT updated your 3CX Server from Update 6 to Update 7, unless you have turned on Auto-Updates or manually updated it yourself.

At this time, we recommend that all Update 7 users uninstall the desktop app (if you are running Windows Defender, it may do this automatically for you). Please do not re-install the app until a patched version is released by 3CX. The Mac desktop application will not be rebuilt for the time being, as 3CX is focusing on the Windows app as well as the actual security breach.

You can determine which users are using the 3CX desktop app by navigating to the 3CX Management Console, selecting the Phones tab on the left, and searching for "DesktopApp". Take note that this will only show online Desktop App clients.

In addition, 3CX is recommending that users use the PWA web-client instead of the desktop app at this time:

“3CX strongly recommends using the PWA client instead. It achieves 99% of the client app’s functionality and is fully web-based. However, take note that the PWA does not have BLF or hotkeys features.”

As always, you can submit a support ticket through the portal if you have concerns or questions.