Indian govt issues advisory for Zoom users; Details here
According to CERT-In, the vulnerabilities, classified as 'Medium' threat level, can allow a hacker to bypass implemented security restrictions on the targeted systems. They can listen to audio and video feeds while secretly joining a Zoom meeting.
FollowThe Indian Computer Emergency Response Team (CERT-In) has discovered several flaws in Zoom's video conferencing platform. The agency stated in an advisory that Zoom vulnerabilities could allow a remote unauthenticated user to join a Zoom video meeting without being visible to other participants on the joint list.
According to CERT-In, the vulnerabilities, categorised as 'Medium' threat level, can allow a hacker to bypass implemented security restrictions on the targeted systems. They can secretly join a Zoom meeting and listen to audio and video feeds.
The Ministry of Electronics and Information Technology oversees CERT-IN. This government agency is in charge of reporting bugs and cybersecurity threats such as hacking and phishing attacks.
Zoom has also reported the vulnerabilities. CVE-2022-28758, CVE-2022-28759, and CVE-2022-28760 affect Zoom's On-Premise Meeting Connector MMR before version 4.8.20220815.130. According to Zoom, this improper access control vulnerability allows a malicious actor to join a meeting they are not authorised to attend without being visible to the other participants.
Zoom raised the vulnerability on September 13, and the cyber agency issued an advisory on September 19. CERT-In has advised users to update to the most recent Zoom version on their devices in its advisory. Sign in to the Zoom desktop client to update Zoom on your laptop. Check for updates by clicking on your profile picture. Download and install any available and new versions. Smartphone users can download the latest versions of the Zoom app from Google Play or the Apple App Store.
CERT-In recently issued a high-risk warning to certain Microsoft users. Microsoft Windows, Microsoft Office, Microsoft SharePoint, Microsoft Dynamics CRM, Visual Studio, and the.NET Framework were all included. Users of these Microsoft products were advised to apply the most recent security patch based on Microsoft's September 2022 security update.
Also Read: Zoom's new emotion tracking tech in controversy
Also Read: Shweta's viral zoom audio call is breaking the internet with memes
Also Read: Government official caught having sex with secretary during Zoom meeting, this happened next
