Zoom Zero-Day Exploit Being Sold by Hackers for $500,000: Report

An exploit for Zoom Windows client is a Remote Code Execution (RCE) that means hackers can gain access to the targets machine by running code.

Share on Facebook Tweet Snapchat Share Reddit Comment
Zoom Zero-Day Exploit Being Sold by Hackers for $500,000: Report

Photo Credit: Zoom

Zoom has been trying to address all of its security and privacy issues

Highlights
  • Zoom Windows exploit being sold for $500,000 (roughly Rs. 3.83 crore)
  • Exploits are available for both Windows and macOS
  • Zoom says there is no evidence of these exploits

Zoom is among the most used video conferencing apps and has gained a lot of users due to the ongoing coronavirus outbreak. But, there have been several security and privacy issues with the app and the team at Zoom is said to be trying to address all of them. Now, two “zero-day” flaws in the Zoom software have reportedly popped up online and exploits for these are being sold for huge sums of money. One of the flaws is present in the Windows version of Zoom client, whereas the other is part of the Zoom client for macOS.

According to a report by Motherboard, the exploit that takes advantage of ‘zero-day vulnerabilities' in Zoom's Windows client is up for sale via exploit brokers for $500,000 (roughly Rs. 3.83 crore). Zero-day flaws are unpatched and previously unknown vulnerabilities in a software or hardware.

Zoom vulnerabilities can allow someone to hack its users and spy on their calls, Motherboard states. The publication says three of its sources were contacted by brokers who were offering these exploits for sale.

“From what I've heard, there are two zero-day exploits in circulation for Zoom. [...] One affects OS X and the other Windows.. I don't expect that these will have a particularly long shelf-life because when a zero-day gets used it gets discovered,” the report quotes Adriel Desautels, the founder of Netragard, a company that used to sell and trade zero-days.

The exploit for Windows is a Remote Code Execution or RCE, as stated by one of the other two sources. These types of exploits allow hackers to execute code on the target's computer without having to rely on a phishing attack that generally depends upon deceiving the target into sharing personal information like bank account details. RCE also allows hackers to access the target's whole machine.

The exploit for Zoom for macOS is not RCE, “making it less dangerous and harder to use,” the report adds.

Zoom has responded to this report and said it did not find any evidence for these claims, Motherboard writes.

Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Further reading: Zoom, Windows, macOS, Remote Code Execution
Vineet Washington Vineet Washington writes about gaming, smartphones, audio devices, and new technologies for Gadgets 360, out of Delhi. Vineet is a Senior Sub-editor for Gadgets 360, and has frequently written about gaming on all platforms and new developments in the world of smartphones. In his free time, Vineet likes to play video games, make clay models, play the guitar, watch sketch-comedy, and anime. Vineet is available on vineetw@ndtv.com, so please send in your leads and tips. More
Government Warns About Using Zoom App, Issues Advisory for Secure Use by Individuals
Sundar Pichai's Memo on Google Decision: 'Significant Pain' of Pandemic

Related Stories

 
 

Advertisement

Advertisement

© Copyright Red Pixels Ventures Limited 2020. All rights reserved.
Listen to the latest songs, only on JioSaavn.com