The UAE’s Telecommunications and Digital Government Regulatory Authority (TDRA) has issued a warning to users of the video-conferencing platform Zoom.
Zoom offers free video and audio chat services. It can be recalled that the UAE opened video call access to apps similar to Zoom during the onset of the COVID-19 pandemic last 2020 to support distance learning and work from home.
In a statement released by TDRA on social media, the agency highlighted that “some vulnerabilities have been discovered in “Zoom” application for communication on various platforms”, due to which users’ devices may be compromised.
⚠️⚠️#alert regarding #zoom application @cscae1 pic.twitter.com/7qJLstAidK
— تدرا 🇦🇪 TDRA (@tdrauae) May 27, 2022
In its Security Bulletin, Zoom mentions that “users can help keep themselves secure by applying current updates or downloading the latest Zoom software with all current security updates from https://zoom.us/download.”
It also reflect that all vulnerability concerns have been addressed as of May 27, 2022.
Some of the vulnerability concerns recorded were:
- A vulnerability was discovered in the Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1
- A vulnerability in Zoom On-Premise Meeting Connector Controller version 4.8.102.20220310 and On-Premise Meeting Connector MMR version 4.8.102.20220310 exposes process memory fragments to connected clients, which could be observed by a passive attacker.
- The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.10.0 fails to properly validate the hostname during a server switch request. This issue could be used in a more sophisticated attack to trick an unsuspecting users client to connect to a malicious server when attempting to use Zoom services.
TRDA requests all Zoom platform users to update the program and ensure to have its latest updated version.
