NEW DELHI: The Modi government at the Center has issued a warning of serious danger regarding the video conferencing platform Zoom. It has been said in the warning that attackers of the system are entering into it and doing harmful activities.
Government organization Indian Computer Emergency Response Team (CERT-In) issued an advisory on Thursday, warning about several flaws in Zoom products. These flaws have been found in two versions (software) of Zoom.
CERT-In has described the flaws in Zoom as very serious. Through these, an authenticated attacker can bypass security restrictions and use arbitrary code or denial of service conditions in the system.
The attacker can connect to and control the Zoom apps running in the Zoom client. It can block or interrupt audio and video access to zoom meeting participants.
CERT-in has been given powers in the Information Technology (Amendment) Act, 2008 which works under the Ministry of Electronics and Information Technology.
Its job is to track incidents related to computer security, detect vulnerabilities and strengthen IT security. It provides information about bugs, hacking and phishing attacks.
Which versions are affected and why?
CERT-IN has stated that the vulnerabilities are found on Zoom On-Premise Meeting Connector MMR before version 4.8.20220916.131 and Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with 5.10.6 and prior to 5.12.0.
As per the report, these vulnerabilities exist because of improper access control, debugging port misconfiguration flaw.
How would it influence the system ?
Using these vulnerabilities, the agency warns, an authenticated user could exploit these vulnerabilities to use the debugging port to connect to and control the Zoom Apps running in the Zoom client. The attacker could also prevent participants from receiving audio and video and causing meeting disruptions.
What is the solution?
Users should upgrade to the latest version, as mentioned in Zooms Security advisory.