Do you regularly attend Zoom meets? This Centre advisory is meant for you

The Narendra Modi government has issued an advisory to the users of video-conferencing platform Zoom. The advisory of medium severity by Indian Computer Emergency Response Team, a nodal agency under the ministry of electronics and information technology has flagged ‘multiple vulnerabilities' in Zoom products.

According to the advisory, the vulnerabilities exist due to improper access control implementation. “A remote attacker could exploit these vulnerabilities to join a meeting they are authorised to join without appearing to the other participants or obtain the audio and video feed of a meeting they were not authorised to join and cause other meeting disruptions”, the CERT-IN stated.

The CERT-IN advisory expressed concerns that a successful exploitation of these vulnerabilities could allow a remote authenticated user to bypass implemented security restrictions on the targeted systems.

The CERT-IN has recommended the Zoom users to update the platform as given in its advisory. In fact, the virtual meeting platform on September 13 had also flagged an improper access control vulnerability to the users. “Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious actor can join a meeting which they are authorized to join without appearing to the other participants".

On September 15, Zoom encountered a technical snag after more than 40,000 users reported issues claiming they were prevented from starting and joining meetings. Later, the platform said it had resolved the problem.