Multiple security flaws have been identified on the video conferencing platform Zoom, and the government is advising users to update the platform immediately. According to an Indian Computer Emergency Response Team (CERT-In) that deals with cyber security threats, the Zoom vulnerabilities let remote attackers join a meeting without appearing to the other participants.
If successfully breached, hackers can obtain audio and video feeds of a meeting they were not authorised to attend and “cause other meeting disruptions”. They may also access sensitive company information shared during the audio or video call. The MeitY (Ministry of Electronics and Information Technology) body has categorised the threat level as ‘medium’.
Both the government and Zoom say that three vulnerabilities, dubbed CVE-2022-28758, CVE-2022-28759, and CVE-2022-28760 affect Zoom’s On-Premise Meeting Connector MMR. The video conferencing platform explains that On-Premise deployments allow organisations to deploy meeting connector virtual machines within their internal company network. The tool lets parties host meetings on a “private cloud”. The government raised the issue on September 19, while Zoom issued the same warning on September 13.
To ensure security, the government advises users to update the latest version of Zoom on their desktops. Users can also keep their mobile apps updated, just to be on the safe side. To update Zoom on Windows, macOS, or Linux, sign in to Zoom desktop client > Click your profile picture > Check for Updates. If there is a newer version, Zoom will download and install it. For smartphones, head to Google Play or Apple App Store and check the latest versions.
Meanwhile, CERT-In has also advised users to update their Google Chrome for desktop after discovering multiple vulnerabilities. The cyber security warned that the issue is not mitigated, hackers can “bypass security restrictions, execute arbitrary code or cause denial of service conditions on the targeted system”