NCC-CSIRT alerts Zoom users to software vulnerabilities – ConsumerConnect


*The Nigerian Communications Commission’s Computer Security Incident Response Team advisory informs Zoom users that a remote attacker can exploit vulnerabilities to circumvent implemented security measures and cause a denial of service on the targeted machine

Gbenga Kayode | ConsumerConnect

As part of the telecoms sector regulator’s mandate to consumers, the Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) has advised users of videotelephony platform, Zoom, to install the latest update of the software from its publisher’s official Web site.

The Commission stated that the latest advisory to  users was sequel to the NCC-CSIRT discovery of vulnerabilities that allow a remote attacker to exploit the app.

Mr. Reuben Muoka, Director of Public Affairs at NCC, September 22, 2022, said in advisory issued on Wednesday, NCC-CSIRT had reported that the Indian Computer Emergency Response Team (CERT-In) found several flaws in the Zoom product.

The videoconferencing platform is said to have become popular for virtual meetings in the wake of the Coronavirus (COVID-19) pandemic with over 300 million daily users.

The NCC-CSIRT advisory also noted that “a remote attacker could exploit the vulnerabilities to circumvent implemented security measures and cause a denial of service on the targeted machine.”

It further stated that “these vulnerabilities exist owing to incorrect access control implementation in Zoom On-Premises Meeting Connector MMR prior to version 4.8.20220815.130.”

According to advisory, a remote attacker could exploit these flaws to join a meeting they were not permitted to attend without being seen by the other attendees.

“They can also access audio and video feeds from meetings they were not permitted to attend, as well as interrupt other sessions.”

The Commission also explained that successful exploit of these vulnerabilities could allow an unauthorised remote authenticated user to bypass implemented security limitations on the targeted system.

About CSIRT

The Computer Security Incident Response Team (CSIRT) is the telecoms sector cybersecurity incidence centre set up by the NCC to focus on incidents in the…

Source…