NCC warns Zoom users against updating software

The Nigerian Communications Commission Computer Security Incident Response Team (NCC-CSIRT) has advised users of the video calling platform, Zoom, to install the latest software update from its official website. following the discovery of vulnerabilities allowing a remote attacker to exploit the application.

In a notice published Wednesday in a statement by commission spokesperson Reuben Mouka, the NCC-CSIRT reported that the Computer Emergency Response Team India (CERT-In) found several flaws in the Zoom product. .

The video calling platform has become popular for virtual meetings following the COVID-19 pandemic with over 300 million daily users.

According to the NCC-CSIRT advisory, “A remote attacker could exploit the vulnerabilities to bypass the implemented security measures and cause a denial of service on the targeted machine”.

He noted that “These vulnerabilities exist due to an incorrect implementation of access control in the MMR of the on-premises Zoom Meeting Connector prior to version 4.8.20220815.130. A remote attacker could exploit these vulnerabilities to join a meeting he is not authorized to attend without being seen by other participants. They can also access audio and video streams of meetings they weren’t allowed to attend, as well as interrupt other sessions.

Successful exploitation of these vulnerabilities could allow an unauthorized remote authenticated user to bypass security limitations implemented on the targeted system.

The Computer Security Incident Response Team (CSIRT) is the telecommunications sector’s cybersecurity incident center set up by the NCC to focus on incidents in the telecommunications sector and as they may affect consumers telecommunications and citizens in general. The CSIRT also works in conjunction with the Nigeria Computer Emergency Response Team (ngCERT), established by the Federal Government to reduce the volume of future computer risk incidents by preparing, protecting and securing Nigerian cyberspace to prevent attacks and related issues or events.

Comments are closed.