Zoom Zero-Day Exploit Being Sold by Hackers for $500,000: Report

An exploit for Zoom Windows client is a Remote Code Execution (RCE) that means hackers can gain access to the targets machine by running code.

By Vineet Washington | Updated: 16 April 2020 16:36 IST

Highlights

Zoom Windows exploit being sold for $500,000 (roughly Rs. 3.83 crore)
Exploits are available for both Windows and macOS
Zoom says there is no evidence of these exploits

Zoom Zero-Day Exploit Being Sold by Hackers for $500,000: Report

Zoom has been trying to address all of its security and privacy issues

Photo Credit: Zoom

Zoom is among the most used video conferencing apps and has gained a lot of users due to the ongoing coronavirus outbreak. But, there have been several security and privacy issues with the app and the team at Zoom is said to be trying to address all of them. Now, two “zero-day” flaws in the Zoom software have reportedly popped up online and exploits for these are being sold for huge sums of money. One of the flaws is present in the Windows version of Zoom client, whereas the other is part of the Zoom client for macOS.

According to a report by Motherboard, the exploit that takes advantage of ‘zero-day vulnerabilities' in Zoom's Windows client is up for sale via exploit brokers for $500,000 (roughly Rs. 3.83 crore). Zero-day flaws are unpatched and previously unknown vulnerabilities in a software or hardware.

Zoom vulnerabilities can allow someone to hack its users and spy on their calls, Motherboard states. The publication says three of its sources were contacted by brokers who were offering these exploits for sale.

“From what I've heard, there are two zero-day exploits in circulation for Zoom. [...] One affects OS X and the other Windows.. I don't expect that these will have a particularly long shelf-life because when a zero-day gets used it gets discovered,” the report quotes Adriel Desautels, the founder of Netragard, a company that used to sell and trade zero-days.

The exploit for Windows is a Remote Code Execution or RCE, as stated by one of the other two sources. These types of exploits allow hackers to execute code on the target's computer without having to rely on a phishing attack that generally depends upon deceiving the target into sharing personal information like bank account details. RCE also allows hackers to access the target's whole machine.

The exploit for Zoom for macOS is not RCE, “making it less dangerous and harder to use,” the report adds.

Zoom has responded to this report and said it did not find any evidence for these claims, Motherboard writes.

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.