Modi govt's warning for Zoom users shouldn't be ignored at any cost

Updated on Oct 15, 2022 12:38 PM IST

CERT-IN alerted in the vulnerability note, “Multiple vulnerabilities have been identified in Zoom products.” It added the flaws “could be exploited by an authenticated attacker to bypass security restriction, execute arbitrary code or cause denial of service conditions on the targeted system.”

Centre has warned the presence of vulnerabilities in Zoom products.(Zoom)
Centre has warned the presence of vulnerabilities in Zoom products.(Zoom)
By | Edited by Aryan Prakash

The Narendra Modi government has issued a high-risk warning to video conferencing platform Zoom users of attackers getting entry to their system and carrying out mischievous operations.

The Indian Computer Emergency Response Team (CERT-IN) has issued the advisory with a high severity rating on Thursday against multiple vulnerabilities reported in the Zoom products.

CERT-IN alerted in the vulnerability note, “Multiple vulnerabilities have been identified in Zoom products.” It added the flaws “could be exploited by an authenticated attacker to bypass security restriction, execute arbitrary code or cause denial of service conditions on the targeted system.”

CERT-IN is a statutory body with powers from the Information Technology (Amendment) Act of 2008. This nodal agency under the Ministry of Electronics and Information Technology monitors computer security incidents, records susceptibilities, and advocates powerful IT security practices throughout the country. It reveals bugs and cybersecurity threats, including hacking and phishing attacks.

Which versions are affected and why?

CERT-IN has stated that the vulnerabilities are found on Zoom On-Premise Meeting Connector MMR before version 4.8.20220916.131 and Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with 5.10.6 and prior to 5.12.0.

As per the report, these vulnerabilities exist because of improper access control, debugging port misconfiguration flaw.

How would it influence the system ?

Using these vulnerabilities, the agency warns, an authenticated user could exploit these vulnerabilities to use the debugging port to connect to and control the Zoom Apps running in the Zoom client. The attacker could also prevent participants from receiving audio and video and causing meeting disruptions.

What is the solution?

Users should upgrade to the latest version, as mentioned in Zooms Security advisory.

Zoom's response

The virtual meeting platform issued an official statement on the report. ““As detailed on our Zoom Security Bulletin page, we have already resolved these security issues. As always, we recommend users keep up to date with the latest version of Zoom to take advantage of Zoom’s latest features and security updates. Safety, security, and privacy are at the core of Zoom’s decision making and enhancements to its platform”, the official statement said.

SHARE THIS ARTICLE ON
SHARE
Story Saved
OPEN APP
×
Saved Articles
Following
My Reads
My Offers
Sign out
New Delhi 0C
Sunday, February 05, 2023
Start 15 Days Free Trial Subscribe Now
Register Free and get Exciting Deals