Notebookcheck
, , , , , ,
search relation.
, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
 

Zoom zero-day vulnerabilities are being auctioned for up to US$500,000

Zoom has yet another security issue. (Image via Zoom)
Zoom has yet another security issue. (Image via Zoom)
Two new zero-day vulnerabilities have been found for the popular teleconferencing software Zoom. The exploits, one of which affects the Windows client and the other of which affects the macOS client, are currently up for auction on the Dark Web. The Windows exploit is particularly nasty as it allows for Remote Code Execution, or RCE.
Sam Medley,

Working For Notebookcheck

Are you a techie who knows how to write? Then join our Team! English native speakers welcome!

News Writer - Details here

If you work for a corporation or have regular meetings, there’s a good chance you’ve become well-acquainted with Zoom over the past weeks. The video streaming platform has been embraced by hundreds of businesses to handle their video conferencing needs. Unfortunately, this surge in popularity has also made Zoom a primary target for hackers. 

The latest security foible to plague Zoom revolves around two zero-day exploits that have recently been discovered. The vulnerabilities, once of which affects the Windows Zoom client and the other of which affects the Mac version, are being auctioned off on the Dark Web. The asking price for the Windows exploit, according to multiple inside sources cited by Motherboard, currently sits at US$500,000.

The reason behind the high price asked for the Windows exploit is that it allows for Remote Code Execution, or RCE. RCE is particularly valuable to hackers because it can enable the execution of code on a targeted machine from a remote position. The macOS zero-day is not an RCE, so it can only affect the Zoom application itself. 

Zoom responded to this news by stating that it has “not found any evidence substantiating these claims.” Still, Zoom is working to investigate and close these holes. 

Real or not, the discussion of these zero-days presents a major problem for Zoom. The company has dealt with multiple security and privacy issues over the past few months, including video call hacks and a warning to U.S. government agencies against using Zoom for conference calls. To the average layman, these bugs shouldn’t be cause for worry, but users should be aware that their video conferences may not be secure as they believe.

Do you use Zoom for video conferences? Are you worried about these zero-day exploits? Let us know in the comments. 

, , , , , ,
search relation.
, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
 

Source(s)

static version load dynamic
Loading Comments
Comment on this article
Sam Medley
Sam Medley - Senior Tech Writer - 1129 articles published on Notebookcheck since 2016
I've been a computer geek my entire life. After graduating college with a degree in Mathematics, I worked in finance and banking a few years before taking a job as a database administrator. I started working with Notebookcheck in October of 2016 and have enjoyed writing news and reviews. I've also written for other outlets including UltrabookReview and GeeksWorldWide, focusing on consumer guidance and video gaming. My areas of interest include the business side of technology, retro gaming, Linux, and innovative gadgets. When I'm not writing on electronics or tinkering with a device, I'm either outside with my family, enjoying a decade-old video game, or playing drums or piano.
contact me via: @samuel_medley
Please share our article, every link counts!
> Notebook / Laptop Reviews and News > News > News Archive > Newsarchive 2020 04 > Zoom zero-day vulnerabilities are being auctioned for up to US$500,000
Sam Medley, 2020-04-16 (Update: 2020-04-16)