NCC, CSIRT warns Zoom users about vulnerabilities and advises software update

The Nigerian Communications Commission Computer Security Incident Response Team (NCC-CSIRT) has advised users of the video calling platform, Zoom, to install the latest software update from its official website. following the discovery of vulnerabilities allowing a remote attacker to exploit the application. .

In an advisory released on Wednesday, the NCC-CSIRT reported that the Computer Emergency Response Team India (CERT-In) found several flaws in the Zoom product.

The video calling platform has become popular for virtual meetings following the COVID-19 pandemic with over 300 million daily users.

According to the NCC-CSIRT notice, “A remote attacker could exploit the vulnerabilities to bypass the security measures in place and cause a denial of service on the targeted machine.”

He noted that “These vulnerabilities exist due to an incorrect implementation of access control in the MMR of the on-premises Zoom Meeting Connector prior to version 4.8.20220815.130. A remote attacker could exploit these flaws to join a meeting that they are not in not allowed to attend without being seen by other participants.

They can also access audio and video streams of meetings they weren’t allowed to attend, as well as interrupt other sessions.

Successful exploitation of these vulnerabilities could allow an unauthorized remote authenticated user to bypass security limitations implemented on the targeted system.

The Computer Security Incident Response Team (CSIRT) is the telecommunications sector’s cybersecurity incident center set up by the NCC to focus on incidents in the telecommunications sector and as they may affect consumers telecommunications and citizens in general.

The CSIRT also works in conjunction with the Nigeria Computer Emergency Response Team (ngCERT), established by the Federal Government to reduce the volume of future computer risk incidents by preparing, protecting and securing Nigerian cyberspace to prevent attacks and related issues or events.

Don’t miss the important articles of the week. Subscribe to weekly digest for updates

Comments are closed.