NCC-CSIRT urges Zoom users to install update due to vulnerabilities
TECHDIGEST – The Computer Security Incident Response Team (CSIRT), established by the Nigerian Communications Commission (NCC) has advised users of the Zoom platform to install the latest update of the software.
This advice comes following the discovery of vulnerabilities that allow a remote attacker to exploit the app.
The NCC-CSIRT reported that the Indian Computer Emergency Response Team (CERT-In) found several flaws in the Zoom product. The video telephony platform became popular for virtual meetings in the wake of the COVID-19 Pandemic with more than 300 million daily users.
READ ALSO: Postmaster-General of NIPOST Replaced – FG
According to the NCC-CSIRT advisory, “A remote attacker could exploit the vulnerabilities to circumvent implemented security measures and cause a denial of service on the targeted machine.”
It noted, “These vulnerabilities exist owing to incorrect access control implementation in Zoom On-Premises Meeting Connector MMR prior to version 4.8.20220815.130. A remote attacker could exploit these flaws to join a meeting they were not permitted to attend without being seen by the other attendees. They can also access audio and video feeds from meetings they were not permitted to attend and interrupt other sessions.”
A successful exploit of these vulnerabilities could allow an unauthorized remote authenticated user to bypass implemented security limitations on the targeted system.
The Computer Security Incident Response Team (CSIRT) is the telecom sector’s cyber security incidence centre set up by the NCC to focus on incidents in the telecom sector and as they may affect telecom consumers and citizens at large. The CSIRT also works collaboratively with the Nigeria Computer Emergency Response Team (ngCERT), established by the Federal Government to reduce the volume of future computer risks incidents by preparing, protecting, and securing Nigerian cyberspace to forestall attacks, and problems or related events.