The Zoom video meeting service has found several security flaws in its system. The company asks its users to update their applications to the latest version, both on mobile and desktop, to avoid cyber attacks. As he explained, one of the flaws detected allows “a malicious actor to obtain the audio and video transmission of a meeting that he was not authorized to enter”, as well as “causing other interruptions”.
This vulnerability has been rated “high” severity by Zoom and it has been the one that has caused the alert. The other two bugs reported by the company, in this case considered “medium” in severity, mean that “a malicious actor can join a meeting that he is authorized to enter without appearing to the other participants.”
The holes have been found by Zoom’s own Offensive Security team. These types of professionals are dedicated to trying to hack their own applications in search of failures. Your goal is to find them before the cybercriminals and prevent them from being exploited.
elDiario.es has contacted Zoom to ask if the company has any evidence that the breach has been used for cyber espionage of meetings. At the moment he has not received a response.
The Internet Security Office, belonging to the National Institute of Cybersecurity (Incibe) has sent an alert this Wednesday to inform users of the vulnerabilities. “It is recommended to update the application as soon as possible. To do this, access the download center of Zoom, and download and install the latest version available”, they recommend to users. Incibe has also classified its alert as a “high” priority.
Zoom does not report its number of total users, since many do not have their applications downloaded and use their service through the browser. The latter would not be affected by security flaws. However, Zoom does report that it has some 204,000 business customers who pay to use its apps.
After becoming known worldwide during the lockdowns forced by the conoravirus, the company reached a stock market valuation of more than 20,000 million euros. Its quarterly income exceeds 1,000 million dollars, according to Statistical.