What are the new Zoom security flaws
Zoom and CERT-In have identified three security flaws in the video-conferencing platform which are named CVE-2022-28758, CVE-2022-28759 and CVE-2022-28760. These vulnerabilities are affecting one of the server processes of Zoom’s On-Premise Meeting Connector feature.
The company explains that the meeting connector feature allows organisations to host meetings on their private cloud by using virtual machines within the internal company network. This feature will include two server processes — the Zone Controller (ZC) and Multimedia Router(MMR) and the flaw has been discovered in the MMR process. This process supports up to 200 virtual meeting participants at the same time. CERT-In has rated this severity as medium and has outlined ways to avoid falling victim to such vulnerabilities.
Update Zoom immediately
The government has advised users to update Zoom on their desktops to its latest version. The mobile version of the Zoom app seems unaffected by this security flaw, yet it is better to update that too to the new version for the sake of online safety.
To update Zoom on PC and Mac, first sign in to Zoom’s desktop client on both Windows and macOS. After that, click on your profile picture and select the option to check for updates. Zoom will automatically download and install a new version, when available. Users who access the Zoom app through their mobile devices can head to their respective Google Play store or Apple App Store to update the application.