Zoom Zero-Day Windows Vulnerability Selling for $500,000

Silviu STAHIE

April 16, 2020

A couple of zero-day Zoom vulnerabilities are reportedly for sale online, including one for Windows and one for macOS, with the asking price for the Windows one topping $500,000, according to a Motherboard report.

Zero-day vulnerabilities are the most significant threats to any piece of software or hardware. It's called zero-day because the vulnerability is not known to the developers that made the affected software. Sometimes, the vulnerability is fixed without falling into the hands of hackers or other bad actors, but that's not always the case.

The value of a zero-day vulnerability is directly proportional to the popularity of the software affected, and there's no doubt that Zoom's recently found fame ensures that any zero-day aimed at the platform is really valuable.

The Motherboard report claims that a couple of zero-day vulnerabilities are available for both Windows and macOS Zoom clients, which in theory would allow attackers to join meetings and record everything. The vulnerability for the Zoom Windows app is reportedly available for $500,000.

There isn't much information on the vulnerabilities, just that the one for Windows is a Remote Code Execution exploit, which is a rather common attack. The macOS zero-day is different, but that's pretty much everything that's known about it.

There is a bit of good news as well. Usually, when such exploits are deployed, they are quickly discovered and patched.

So far, Zoom says that they are not aware of any such vulnerabilities in their software.

“Since learning of these rumors, we have been working around the clock with a reputable, industry-leading security firm to investigate them,” said Zoom. “To date, we have not found any evidence substantiating these claims.”

Zoom is in hot water after multiple security issues were discovered in the past few weeks. The company has been frantically trying to plug the holes, and many governments around the world are now recommending against the use of the app in official settings.
