3CX Confirms Supply Chain Attack: Researchers Uncover Mac Component

Organizations running 3CX Phone System, a unified communications solution, have been warned of a recently uncovered supply chain attack against the product.

Security researchers have recently discovered that attackers have modified the Mac component of the product in a way that allows them to run malicious code with System privileges, which enables them to manipulate the application and gain access to customers’ sensitive data.

3CX Confirms Attack

In response to the discovery, 3CX has confirmed that the security researchers were indeed able to uncover a supply chain attack targeting their solution. The company noted that the Mac component is a legacy product and is not actively supported, but it is still used by some users.

The attack was likely conducted by exploiting the lack of appropriate security controls in the software development process, which allowed attackers to infect the product with malicious code. 3CX has since determined that the source of the attack was the Mac component’s unsigned XPC service.

The company has provided comprehensive guidance for organizations running the affected product, and the company is working with Apple to address the issues.

Impact of Attack

The attack can be exploited to manipulate the application’s settings and read user data, 3CX said in a security advisory. Since the Mac component is a legacy product, the attack cannot be used to manipulate the application’s settings while the application is running.

However, by exploiting the XPC service, attackers can gain access to the application’s user and configuration databases, allowing them to access sensitive information, such as users’ credentials, contact lists, and connection details.

Preventive Measures

Organizations running 3CX Phone System are advised to update their products to the latest version in order to stay protected. Additionally, they should implement two-factor authentication for their accounts and make sure that their network is secure.

3CX also recommends keeping the application and the underlying infrastructure up to date, as well as implementing regular security tests and assessments. Furthermore, users should store their data in secure databases, as this can help prevent attackers from gaining access to their sensitive information.


Organizations running 3CX Phone System should be aware of the recently discovered attack and take the necessary steps to protect themselves. Updating their products to the latest version, implementing two-factor authentication, and securing their networks are some of the measures they can take to mitigate the risk of a breach.

If you found this article helpful or have something to add to the conversation, please share this article on social media.

Leave a Comment