Critical Zoom Security Alert: CERT-In Warns Users to Update Immediately

The Indian government has issued a critical security warning for Zoom users across Windows, macOS, and Android platforms. CERT-In’s November 14 alert highlights multiple vulnerabilities that could allow hackers to bypass security layers and steal sensitive data.

What The Security Alert Reveals

The Indian Computer Emergency Response Team (CERT-In) has identified multiple security vulnerabilities affecting Zoom products. According to the official note, these issues stem from “external control of file name or path, improper verification of cryptographic signature, improper authorization handling and certificate validation.”

The agency classifies these Zoom security issues as high-risk for both business and personal users. “Successful exploitation of these vulnerabilities could be exploited by an attacker to trigger elevation of privilege, conduct cross site scripting attacks and disclosure of sensitive information on the targeted system,” the warning states.

Affected Zoom Versions and Platforms

The government bulletin specifies the vulnerable Zoom versions that require immediate updating:

• Zoom Workplace for macOS before version 6.5.10
• Zoom Workplace (various clients) before version 6.5.10
• Zoom Workplace VDI Client for Windows before version 6.5.10
• Zoom Workplace VDI Plugin for macOS (Universal Installer) before versions 6.3.14, 6.4.14, and 6.5.10
• Zoom Workplace for Android before version 6.5.10
• Zoom Clients / Meeting SDK / Workplace SDK

Immediate Action Required

Given Zoom’s continued popularity for professional and personal use since the pandemic, these security risks demand urgent attention. Users running Zoom on Android, iOS, or Windows systems with versions prior to those listed should update immediately.

To secure your devices from potential hacking threats, open the Zoom application on your desktop, Mac, or mobile device and install any available software updates for your platform.