Zero day

Two critical zero-day exploits for the Zoom video conferencing platform just hit the market.

The alleged exploits take advantage of vulnerabilities in Zoom’s Windows and MacOS applications, allowing hackers to spy on calls, and in some cases, take control of Windows machines.

Zero-day exploits are vulnerabilities that are discovered by hackers before they can be identified and patched by software companies, and often fetch a high price on the dark web. Information on how to utilize the vulnerability for the Zoom Windows app is currently being offered for $500,000.

Zoom announced that it was aware of the alleged zero-day vulnerabilities, but expressed skepticism. 

“Since learning of these rumours, we have been working around the clock with a reputable, industry-leading security firm to investigate them… To date, we have not found any evidence substantiating these claims,” the company said in an announcement.

Zoom experienced rapid growth in the wake of the Covid-19 pandemic but quickly came under fire for a litany of problems, including questionable claims about its encryption, lax default security settings, and widespread reports of “zoombombing,” where meetings are disrupted with often pornographic and hateful content. The company recently announced a 90-day freeze on the development of new features to address these issues.

Read more here.