Zoom security threat: Govt advises users to update app immediately

New Delhi, Sep 19: The Indian Computer Emergency Response Team (CERT-In) has identified multiple vulnerabilities in the video conferencing platform Zoom, which could allow a remote authenticated user to bypass implemented security restrictions on the targeted system.

According to CERT-In, the vulnerabilities, categorised as 'Medium' threat level, can allow a hacker to bypass implemented security restrictions on the targeted systems. They can secretly join a Zoom meeting and listen to audio and video feeds.

"These vulnerabilities exist due to improper access control implementation. A remote attacker could exploit these vulnerabilities to join a meeting they are authorised to join without appearing to the other participants or obtain the audio-video feed of a meeting they were not authorised to join and cause other meeting disruptions," it added.

US: Zoom settles privacy lawsuit for million

The Ministry of Electronics and Information Technology (MeiTY), urged users to update to the latest version as mentioned in Zoom's security advisory.

In fact, Zoom had also flagged an improper access control vulnerability to the users. "Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious actor can join a meeting which they are authorised to join without appearing to the other participants".

On September 15, Zoom encountered a technical snag after more than 40,000 users reported issues claiming they were prevented from starting and joining meetings. Later, the platform was resolved.

Recently, CERT-In recently issued a high-risk warning to certain Microsoft users. Microsoft Windows, Microsoft Office, Microsoft SharePoint, Microsoft Dynamics CRM, Visual Studio, and the.NET Framework were all included.

Users of these Microsoft products were advised to apply the most recent security patch based on Microsoft's September 2022 security update.