The developer of enterprise communications software 3CX revealed on Thursday that a supply chain attack had damaged several versions of its desktop programme for Windows and macOS. The version numbers are 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 for macOS and 18.12.407 and 18.12.416 for Windows. The problem is identified with the CVE code CVE-2023-29059.
The business announced that it had hired Mandiant, a company owned by Google, to investigate the incident. In the meanwhile, it is advising users of the software’s self-hosted and on-premise editions to update to version 18.12.422.