The INCIBE Internet Security Office has just published a security alert announcing the detection of several serious vulnerabilities that affect the popular Zoom videoconferencing software. Both would allow a possible attacker to obtain an elevation of privilege that would make it easier for them to access the audio and video of any meeting…

…including those in which the attacker is neither invited nor authorized to participate. If the attacker does in fact have an invitation to the affected videoconference, these vulnerabilities still offer those who exploit them invisibility to other participants.

The advice from the Zoom developers, which they have sent to their users via e-mail, coincides with that published by INCIBE: it boils down to “update the app as soon as possible”. To do this, we must go to the Zoom Download Center and download and install the latest version available.

“From INCIBE, through the Internet Security Office (OSI), we recommend keeping applications and programs correctly updated. And if the configuration allows it, activate the automatic update option”.

We do not know how many users have received the communication from Zoom (and, therefore, how many have been exposed to these vulnerabilities), as the company maintains a policy of not making such figures public. It is known, however, that it serves 204,000 business customers, which gives an idea of the scale of the application and of the danger posed by its being vulnerable.

The aforementioned vulnerabilities have been detected by Zoom’s own ‘offensive security team’, which is in charge of hacking the company's own product to detect flaws before cybercriminals do. For now, there is no news that the latter have managed to identify and exploit these bugs, so perhaps no videoconference has been exposed yet…

…at least not through these vulnerabilities, although Zoom has a particularly bad track record when it comes to security issues, most of them detected after the pandemic sent this app's popularity skyrocketing in a few months. At that time, the CNI went so far as to advise against its use in meetings in which ‘sensitive information’ was handled.

The news arrives just a month after news spread that a renowned cybersecurity expert, Patrick Wardle (the cousin of the creator of Wordle), had discovered that a vulnerability in the Mac version of Zoom, detected and theoretically fixed in early 2020, had reappeared, now making it easy for any attacker with physical access to our computer to gain root privileges.