As part of the telecoms sector regulator’s mandate to consumers, the Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) has advised users of videotelephony platform, Zoom, to install the latest update of the software from its publisher’s official Web site.
The Commission stated that the latest advisory to users was sequel to the NCC-CSIRT discovery
of vulnerabilities that allow a remote attacker to exploit the app.
Mr. Reuben Muoka, Director of Public Affairs at NCC,
September 22, 2022, said in advisory issued on Wednesday, NCC-CSIRT had
reported that the Indian Computer Emergency Response Team (CERT-In) found
several flaws in the Zoom product.
The videoconferencing platform is said to have become
popular for virtual meetings in the wake of the Coronavirus (COVID-19) pandemic
with over 300 million daily users.
The NCC-CSIRT advisory also noted that “a remote attacker
could exploit the vulnerabilities to circumvent implemented security measures
and cause a denial of service on the targeted machine.”
It further stated that “these vulnerabilities exist owing to
incorrect access control implementation in Zoom On-Premises Meeting Connector
MMR prior to version 4.8.20220815.130.”
According to advisory, a remote attacker could exploit these
flaws to join a meeting they were not permitted to attend without being seen by
the other attendees.
“They can also access audio and video feeds from meetings
they were not permitted to attend, as well as interrupt other sessions.”
The Commission also explained that successful exploit of
these vulnerabilities could allow an unauthorised remote authenticated user to
bypass implemented security limitations on the targeted system.