Tag Archive for: Zoom

Using Chrome, Windows, iOS and Zoom? Update them now or else risk security breach


New Delhi, UPDATED: Nov 1, 2022 12:31 IST

By Divya Bhati: October brought a lineup of software and security updates for Android, iOS, Windows, Chrome and Zoom. The new patches addressed important security vulnerabilities, fixed bugs and enhanced security features. These updates are generally downloaded automatically if the device is set to auto-download. If auto-download is off, it is highly advisable to install the latest patches manually to keep your device safe.

Here is the list of the latest patches rolled out by Apple, Google, Microsoft and Zoom, which you should install on your device as soon as possible.

Apple iOS 16.1 and iPadOS 16 update

Apple released the latest iOS 16.1 and iPadOS 16 just after the release of the latest iPad lineup. Both iOS 16.1 and iPadOS 16 include a list of security fixes, including one for a zero-day vulnerability. According to Apple's support page, the exploited flaw is classified as CVE-2022-42827 and could allow an application to run code with kernel privileges.

The operating system update addresses a total of 20 vulnerabilities, three of which are in the kernel, the core component of the iPhone's operating system. Along with that, iOS 16.1 also fixes four flaws in WebKit, the engine that drives the Safari browser, two of which might be used to execute code.

Google Android new update fixes flaws in System

Google released the Android Security Bulletin for October with patches for 33 kernel and vendor-related flaws as well as 15 Framework and System faults. One of the most alarming vulnerabilities is a serious security issue in the Framework component that could result in local network access and is designated CVE-2022-20419. This update is now available for the Samsung Galaxy S21, S22, and Galaxy S21 FE and Pixel devices.

Google releases emergency update for Chrome

Google released another emergency update for Google Chrome users to address a type confusion vulnerability in the V8 JavaScript engine. Classified as CVE-2022-3723, the flaw could be used to run programmes and take over the system controls. Google also released Chrome 106 earlier this month, fixing six high-severity vulnerabilities.

Microsoft released Patch…


Modi govt’s warning for Zoom users shouldn’t be ignored at any cost


The Narendra Modi government has issued a high-risk warning to users of the video conferencing platform Zoom that attackers could gain entry to their systems and carry out mischievous operations.

The Indian Computer Emergency Response Team (CERT-IN) issued the advisory, with a high severity rating, on Thursday against multiple vulnerabilities reported in Zoom products.

CERT-IN alerted in the vulnerability note, “Multiple vulnerabilities have been identified in Zoom products.” It added the flaws “could be exploited by an authenticated attacker to bypass security restriction, execute arbitrary code or cause denial of service conditions on the targeted system.”

CERT-IN is a statutory body with powers from the Information Technology (Amendment) Act of 2008. This nodal agency under the Ministry of Electronics and Information Technology monitors computer security incidents, records vulnerabilities, and promotes effective IT security practices throughout the country. It discloses bugs and cybersecurity threats, including hacking and phishing attacks.

Which versions are affected and why?

CERT-IN has stated that the vulnerabilities are found on Zoom On-Premise Meeting Connector MMR before version 4.8.20220916.131 and Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with 5.10.6 and prior to 5.12.0.

As per the report, these vulnerabilities exist because of improper access control and a debugging port misconfiguration flaw.

How would it affect the system?

The agency warns that an authenticated user could exploit these vulnerabilities to use the debugging port to connect to and control the Zoom Apps running in the Zoom client. The attacker could also prevent participants from receiving audio and video, causing meeting disruptions.

What is the solution?

Users should upgrade to the latest version, as mentioned in Zoom's security advisory.

Zoom’s response

The virtual meeting platform issued an official statement on the report. “As detailed on our Zoom Security Bulletin page, we have already resolved these security issues. As always, we recommend users keep up to date with the latest version of Zoom to take advantage of Zoom’s latest features and…


NCC-CSIRT alerts Zoom users to software vulnerabilities – ConsumerConnect


The Nigerian Communications Commission’s Computer Security Incident Response Team advisory informs Zoom users that a remote attacker can exploit vulnerabilities to circumvent implemented security measures and cause a denial of service on the targeted machine.

Gbenga Kayode | ConsumerConnect

As part of the telecoms sector regulator’s mandate to consumers, the Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) has advised users of the videotelephony platform Zoom to install the latest update of the software from its publisher’s official Web site.

The Commission stated that the latest advisory to users followed the NCC-CSIRT discovery of vulnerabilities that allow a remote attacker to exploit the app.

Mr. Reuben Muoka, Director of Public Affairs at NCC, said on September 22, 2022, that in an advisory issued on Wednesday, NCC-CSIRT had reported that the Indian Computer Emergency Response Team (CERT-In) found several flaws in the Zoom product.

The videoconferencing platform is said to have become popular for virtual meetings in the wake of the Coronavirus (COVID-19) pandemic with over 300 million daily users.

The NCC-CSIRT advisory also noted that “a remote attacker could exploit the vulnerabilities to circumvent implemented security measures and cause a denial of service on the targeted machine.”

It further stated that “these vulnerabilities exist owing to incorrect access control implementation in Zoom On-Premises Meeting Connector MMR prior to version 4.8.20220815.130.”

According to the advisory, a remote attacker could exploit these flaws to join a meeting they were not permitted to attend without being seen by the other attendees.

“They can also access audio and video feeds from meetings they were not permitted to attend, as well as interrupt other sessions.”

The Commission also explained that successful exploitation of these vulnerabilities could allow an unauthorised remote authenticated user to bypass implemented security limitations on the targeted system.

About CSIRT

The Computer Security Incident Response Team (CSIRT) is the telecoms sector cybersecurity incident centre set up by the NCC to focus on incidents in the…


Computer security experts warn against loopholes in Zoom app


HYDERABAD: The Indian Computer Emergency Response Team (CERT-IN) said it had found multiple vulnerabilities on the online meeting platform Zoom. These vulnerabilities could allow a remote user to bypass security restrictions, CERT-IN said.

The attackers could join Zoom meetings without being visible to other participants, obtain audio and video feeds and even disrupt the meetings, CERT-IN said and advised users to upgrade to the latest versions.

CERT-In rated the severity of vulnerabilities as medium, and said the software supporting the Zoom On-Premise meeting connector MMR version could be affected due to the vulnerabilities. These vulnerabilities exist due to improper access control implementation, it said.

CERT-IN works under the Union Ministry of Electronics and Information Technology and is the nodal agency to deal with cyber security threats like hacking and phishing.
