Government wants you to update your Zoom app, here’s why – Times of India

If you happen to use the Zoom video conferencing platform for your work or personal reasons, then the Indian Computer Emergency Response Team (CERT-IN), the nodal agency under the Ministry of Electronics and Information Technology which deals with cybersecurity threats like phishing and hacking, has issued a new warning for you. The government body has issued a high-severity warning in regard to the multiple vulnerabilities found in Zoom.
Softwares and users that are affected
According to CERT-IN, the Zoom On-Premise Meeting Connector MMR before version 4.8.20220916.131 and Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with 5.10.6 and prior to 5.12.0 are the two softwares that are affected by the newly found vulnerabilities. This means users who are using the above-mentioned versions of Zoom will be affected.

Threat description
CERT-IN has specified that multiple vulnerabilities have been found in the Zoom products that could allow “attacker to bypass security restrictions and cause denial of service on the targeted system.”
The vulnerabilities, according to the report, exist because of improper access control and debugging port misconfiguration flaw.
Hackers can exploit these vulnerabilities to use debugging port to connect and control the Zoom apps running in the Zoom client. This can let attackers bypass security restrictions and cause denial of service on the targeted system.
The solution
The government body has also suggested some solutions to fix these vulnerabilities. As per the recommendations made by CERT-IN, users can update their Zoom app with the latest version as per Zoom’s security advisory.