Zoom Has Serious Security Flaws; Here’s How To Update Platform Immediately
New Delhi: Zoom, the widely used video-conferencing platform, has been found to have multiple security flaws. So much so that the Central government has advised users to update the app or web browser immediately.
According to Indian Computer Emergency Response Team (CERT-In), which deals with cyber security threats, Zoom vulnerabilities let remote attackers join a meeting without appearing to the other participants.
If hackers are successful, they can obtain audio and video feeds of a meeting they are not authorized to attend and cause other meeting disruptions.
It may also be possible for them to access sensitive information about companies/individuals shared during the audio or video call.
To ensure security is not breached, users have to update the latest version of Zoom on their desktops. Users can also keep their mobile apps updated, to be on the safe side.
To update Zoom on Windows, macOS, or Linux, sign in to Zoom desktop client > Click your profile picture > Check for Updates. If there is a newer version, Zoom will download and install it. For smartphones, head to Google Play or Apple App Store and check the latest versions.
The Ministry of Electronics and Information Technology (MeitY) body has categorized the threat level as ‘medium’.
CERT-In and Zoom have both said that three vulnerabilities – termed CVE-2022-28758, CVE-2022-28759 and CVE-2022-28760 — affect Zoom’s on-premise meeting connector MMR.
Zoom explained that on-premise deployments allows organizations to deploy meeting connector virtual machines within their internal company network. The tool lets parties host meetings on a ‘private cloud’.
While the government flagged the problem on September 19, Zoom issued the warning on September 13.
CERT-In has also advised users to update their Google Chrome for desktop after discovering multiple vulnerabilities. The cyber security team warned that if the issue is not mitigated, hackers can ‘bypass’ security restrictions, execute arbitrary code or cause denial of service conditions on the targeted system.