Industry News

Zoom Zero-Day Windows Vulnerability Selling for $500,000

A couple of zero-day Zoom vulnerabilities are reportedly for sale online, including one for Windows and one for macOS, with the asking price for the Windows one topping $500,000, according to a Motherboard report.

Zero-day vulnerabilities are the most significant threats to any piece of software or hardware. It’s called zero-day because the vulnerability is not known to the developers that made the affected software. Sometimes, the vulnerability is fixed without falling into the hands of hackers or other bad actors, but that’s not always the case.

The value of a zero-day vulnerability is directly proportional to the popularity of the software affected, and there’s no doubt that Zoom’s recently found fame ensures that any zero-day aimed at the platform is really valuable.

The Motherboard report claims that a couple of zero-day vulnerabilities are available for both Windows and macOS Zoom clients, which in theory would allow attackers to join meetings and record everything. The vulnerability for the Zoom Windows app is reportedly available for $500,000.

There isn’t much information on the vulnerabilities, just that the one for Windows is a Remote Code Execution exploit, which is a rather common attack. The macOS zero-day is different, but that’s pretty much everything that’s known about it.

There is a bit of good news as well. Usually, when such exploits are deployed, they are quickly discovered and patched.

So far, Zoom says that they are not aware of any such vulnerabilities in their software.

”Since learning of these rumors, we have been working around the clock with a reputable, industry-leading security firm to investigate them,” said Zoom. “To date, we have not found any evidence substantiating these claims.”

Zoom is in hot water after multiple security issues were discovered in the past few weeks. The company has been frantically trying to plug the holes, and many governments around the world are now recommending against the use of the app in official settings.

About the author

Silviu STAHIE

Silviu is a seasoned writer who followed the technology world for almost two decades, covering topics ranging from software to hardware and everything in between. He's passionate about security and the way it shapes the world, in all aspects of life. He's also a space geek, enjoying all the exciting new things the Universe has to offer.