A couple of zero-day Zoom vulnerabilities are reportedly for sale online, including one for Windows and one for macOS, with the asking price for the Windows one topping $500,000, according to a Motherboard report.
Zero-day vulnerabilities are the most significant threats to any piece of software or hardware. It’s called zero-day because the vulnerability is not known to the developers that made the affected software. Sometimes, the vulnerability is fixed without falling into the hands of hackers or other bad actors, but that’s not always the case.
The value of a zero-day vulnerability is directly proportional to the popularity of the software affected, and there’s no doubt that Zoom’s recently found fame ensures that any zero-day aimed at the platform is really valuable.
The Motherboard report claims that a couple of zero-day vulnerabilities are available for both Windows and macOS Zoom clients, which in theory would allow attackers to join meetings and record everything. The vulnerability for the Zoom Windows app is reportedly available for $500,000.
There isn’t much information on the vulnerabilities, just that the one for Windows is a Remote Code Execution exploit, which is a rather common attack. The macOS zero-day is different, but that’s pretty much everything that’s known about it.
There is a bit of good news as well. Usually, when such exploits are deployed, they are quickly discovered and patched.
So far, Zoom says that they are not aware of any such vulnerabilities in their software.
”Since learning of these rumors, we have been working around the clock with a reputable, industry-leading security firm to investigate them,” said Zoom. “To date, we have not found any evidence substantiating these claims.”
Zoom is in hot water after multiple security issues were discovered in the past few weeks. The company has been frantically trying to plug the holes, and many governments around the world are now recommending against the use of the app in official settings.