NCC urges Zoom users to update software as vulnerabilities are discovered
The Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) has advised users of videotelephony platform, Zoom, to install the latest update of the software from its publisher’s official website following the discovery of vulnerabilities that allows a remote attacker to exploit the app.
In an advisory issued on Wednesday, NCC-CSIRT reported that the Indian Computer Emergency Response Team (CERT-In) found several flaws in Zoom products.
According to the NCC-CSIRT advisory, a remote attacker could exploit the vulnerabilities to circumvent implemented security measures and cause a denial of service on the targeted machine.
The CSIRT in the advisory said: “These vulnerabilities exist owing to incorrect access control implementation in Zoom On-Premises Meeting Connector MMR prior to version 4.8.20220815.130. A remote attacker could exploit these flaws to join a meeting they were not permitted to attend without being seen by the other attendees. They can also access audio and video feeds from meetings they were not permitted to attend, as well as interrupt other sessions.”
“Successful exploit of these vulnerabilities could allow an unauthorized remote authenticated user to bypass implemented security limitations on the targeted system,” it added.