Zoom zero-day vulnerabilities are being auctioned for up to US$500,000
If you work for a corporation or have regular meetings, there’s a good chance you’ve become well-acquainted with Zoom over the past weeks. The video streaming platform has been embraced by hundreds of businesses to handle their video conferencing needs. Unfortunately, this surge in popularity has also made Zoom a primary target for hackers.
The latest security foible to plague Zoom revolves around two zero-day exploits that have recently been discovered. The vulnerabilities, one of which affects the Windows Zoom client and the other of which affects the Mac version, are being auctioned off on the Dark Web. The asking price for the Windows exploit, according to multiple inside sources cited by Motherboard, currently sits at US$500,000.
The Windows exploit commands such a high price because it allows for Remote Code Execution, or RCE. RCE is particularly valuable to hackers because it lets them execute code on a targeted machine remotely. The macOS zero-day is not an RCE, so it can only affect the Zoom application itself.
Zoom responded to this news by stating that it has “not found any evidence substantiating these claims.” Still, Zoom is working to investigate and close these holes.
Real or not, the discussion of these zero-days presents a major problem for Zoom. The company has dealt with multiple security and privacy issues over the past few months, including video call hacks and a warning to U.S. government agencies against using Zoom for conference calls. For the average layman, these bugs shouldn’t be cause for worry, but users should be aware that their video conferences may not be as secure as they believe.
Do you use Zoom for video conferences? Are you worried about these zero-day exploits? Let us know in the comments.