Alleged Zoom Zero-Days for Windows, MacOS for Sale

Posted on Apr 17, 2020

Alleged Zoom Zero-Days for Windows, MacOS for Sale

Alleged Windows flaw allows for remote code execution and is being flogged for $500,000. Hackers claim they have discovered two zero-day vulnerabilities for the Zoom video conferencing platform that would allow threat actors to spy on people’s private video conferences and further exploit a target’s system. Flaws target Zoom clients for the Windows and the MacOS operating system, accordingto a published report by Vice Motherboard.

According to the report, the hackers are asking $500,000 for the Windows exploit. The article cites two unnamed cybersecurity zero-day brokers who claim hackers have approached them in an attempt to sell the zero-day code. It’s important to note, the Motherboard report states brokers have not reviewed the actual zero-day code and are basing opinion on what hackers are claiming to have for sale.

According to the article, hackers allege the Windows-based exploit is a Remote Code Execution bug that would need to be chained to an additional exploit to infiltrate a target’s system. As for the macOS-base Zoom zero-day, it can only be executed locally, meaning it is not a RCE-class bug, according to the report.