The Nigerian Communications Commission's Computer Security Incident Response Team has advised Zoom users to install the latest update of the software from its publisher's official website following the discovery of deficiencies that allow a cybercriminal to manipulate the app.
According to the NCC's Director of Public Affairs, Reuben Muoka, on Thursday, it was noted that in an advisory issued on Wednesday, the NCC-CSIRT reported that the Indian Computer Emergency Response Team discovered several deficiencies in the Zoom product.
With over 300 million daily users, the videotelephony platform grew in popularity for virtual meetings in the aftermath of the COVID-19 Pandemic.
The NCC said, “These vulnerabilities exist owing to incorrect access control implementation in Zoom On-Premises Meeting Connector MMR prior to version 4.8.20220815.130.
“A remote attacker could exploit these flaws to join a meeting they were not permitted to attend without being seen by the other attendees. They can also access audio and video feeds from meetings they were not permitted to attend, as well as interrupt other sessions.”
An unauthorised remote authenticated user could bypass implemented security limitations on the targeted system if these vulnerabilities are successfully exploited.
The NCC established the Computer Security Incident Response Team as the telecom sector's cyber security incident centre to focus on incidents in the telecom sector that may affect telecom consumers and citizens at large.
The CSIRT also collaborates with the Nigeria Computer Emergency Response Team, which was established by the Federal Government to reduce the number of future computer risk incidents by preparing, protecting, and securing Nigerian cyberspace against attacks, problems, or related events. events.