A couple of zero-day Zoom vulnerabilities are reportedly for
sale online, including one for Windows and one for macOS, with the asking price
for the Windows one topping $500,000, according to a Motherboard report.
Zero-day vulnerabilities are the most significant threats to
any piece of software or hardware. It’s called zero-day because the
vulnerability is not known to the developers that made the affected software.
Sometimes, the vulnerability is fixed without falling into the hands of hackers
or other bad actors, but that’s not always the case.
The value of a zero-day vulnerability is directly
proportional to the popularity of the software affected, and there’s no doubt
that Zoom’s recently found fame ensures that any zero-day aimed at the platform
is really valuable.
The Motherboard report claims that a couple of zero-day vulnerabilities are available for both Windows and macOS Zoom clients, which in theory would allow attackers to join meetings and record everything. The vulnerability for the Zoom Windows app is reportedly available for $500,000.
There isn’t much information on the vulnerabilities, just
that the one for Windows is a Remote Code Execution exploit, which is a rather
common attack. The macOS zero-day is different, but that’s pretty much everything
that’s known about it.
There is a bit of good news as well. Usually, when such
exploits are deployed, they are quickly discovered and patched.
So far, Zoom says that they are not aware of any such
vulnerabilities in their software.
”Since learning of these rumors, we have been working around
the clock with a reputable, industry-leading security firm to investigate them,”
said Zoom. “To date, we have not found any evidence substantiating these
claims.”
Zoom is in hot water after multiple security issues were
discovered in the past few weeks. The company has been frantically trying to
plug the holes, and many governments around the world are now recommending
against the use of the app in official settings.