The Computer Emergency Response Team of India (CERT-In) said the severity rating of this vulnerability is "high" and advised users to update the app and its security by visiting the Zoom support service website.
A vulnerability has been noticed in the Zoom video conferencing application for Windows 7 and earlier versions that could allow an attacker to remotely execute arbitrary code on the targeted system, a national cyber security agency said on Friday. The Computer Emergency Response Team of India (CERT-In) said the severity rating of this vulnerability is “high” and advised users to update the app and its security by visiting the Zoom support service website.
“The vulnerability has been reported in the Zoom video conferencing application running on Windows 7 and earlier Windows versions which could allow a remote attacker to execute arbitrary code on the targeted system,” the advisory said. It said a remote attacker could exploit this vulnerability by enticing the user to execute a specially crafted file.
- Nothing launches its first product, the aggressively priced Ear (1) earbuds with one-of-its-kind transparent design
- Intel Accelerated: Intel lays down 5-year roadmap for upcoming products to reclaim chipmaking industry leadership
- Pegasus spyware: WhatsApp CEO wants Apple to do more to ensure privacy of iPhone users
“Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code on the target system,” said the CERT-In, the national technology arm to combat cyber attacks and guard the Indian cyber space.
The popular video conferencing platform had last month released an enhanced and encrypted version of the application in order to ensure protection and privacy of personal information.
The application had seen a mega jump in downloads after work from home become a norm for numerous office goers and professionals due to the COVID-19 outbreak and the resulting nationwide lockdown.
In April, the Union home ministry had said that the Zoom meeting platform was not safe and it was not to be used for official purposes by government officials. Such a warning was also issued by the CERT-In and was reiterated by the Cyber Coordination Centre (CyCord) of the home ministry.