Security experts found 0-day vulnerability in Zoom Windows client

Acros Security experts discovered a 0-day vulnerability in the Windows client of the Zoom application for video conferencing. Researchers report that the vulnerability is a threat to Windows 7, Windows Server 2008 R2, as well as earlier versions of the OS.

It is emphasized that the bug was not found by Acros Security experts themselves, but by a certain information security specialist who wished to remain anonymous.

“Exploiting a vulnerability that ultimately leads to the execution of arbitrary code on the victim’s computer is very simple: just force the target Zoom user to open a malicious document. Moreover, the user will not see any warnings about potential danger during the attack,” say Acros Security researchers.

Although Zoom engineers have already received a report about the problem, there is no patch for it yet, although work on one is already underway. In the meantime, the Acros Security experts who develop the 0patch solution have prepared a temporary fix.

0patch is a platform designed exactly for such situations: fixes for 0-day and other unpatched vulnerabilities, support for products that are no longer supported by their manufacturers, custom software, and so on.

A demonstration of the vulnerability in action, as well as of 0patch blocking the bug, can be seen in the video.

Zoom representatives have not yet announced the exact release dates for the patch.

Interestingly, the zero-day vulnerability became known precisely when Zoom finally returned to active work on the application.

Let me remind you that in April of this year, after serious criticism from the information security community and the refusal of international companies and government structures to use the application, Zoom suspended feature development for 90 days and during this period was engaged exclusively in improving the security of its product.

Over the past months, the company took many expert recommendations into account, fixed a number of security problems, created a bug bounty program, established a CISO council, and also invited many third-party experts to help further develop Zoom (for example, Alex Stamos, the former head of security at Facebook).

At the end of June, Zoom management announced that Jason Lee, who previously served as Salesforce’s senior vice president of security, will become the company’s new head of information security.

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.
