A zero-day exploit for Zoom Windows RCE offered for $500,000

Pierluigi Paganini April 15, 2020

Hackers are selling two zero-day exploits for critical issues affecting the video conferencing software Zoom that would allow attackers to spy on communications.

Hackers are offering for sale an exploit for a zero-day remote code execution vulnerability affecting the Windows client for Zoom. The zero-day exploit goes for $500,000; the same sellers are also offering exploit code for a flaw in the Zoom macOS client.

“Hackers are selling two critical vulnerabilities for the video conferencing software Zoom that would allow someone to hack users and spy on their calls, Motherboard has learned.” reported Motherboard.

“The two flaws are so-called zero-days, and are currently present in Zoom’s Windows and MacOS clients, according to three sources who are knowledgeable about the market for these kinds of hacks. The sources have not seen the actual code for these vulnerabilities, but have been contacted by brokers offering them for sale.”

Zoom is one of the most popular video-conferencing applications, used every day by millions of users, especially during the COVID-19 outbreak. For this reason, cybercriminals and nation-state actors are interested in obtaining working zero-day exploits for Zoom, which could allow them to spy on any user of the software.

Adriel Desautels, the founder of the zero-day broker firm Netragard, told Motherboard that he believes these zero-days will not have a long life once they are used in the wild.

“[The Windows zero-day] is nice, a clean RCE [Remote Code Execution],” said one of the Motherboard sources, who is a veteran of the cybersecurity industry. “Perfect for industrial espionage.”

The exploit for the Windows Zoom client targets a remote code execution vulnerability that could be exploited by attackers to execute arbitrary code on systems running the vulnerable application. By chaining the issue with other exploits, an attacker could take over the device running the flawed version of the software. According to Motherboard, the macOS exploit is not a remote code execution flaw; it is less dangerous and harder to employ in a real attack scenario.

The source told Motherboard that the Windows zero-day exploit requires the hacker to be in a call with the target, an attack scenario that limits its usefulness for nation-state actors.

The macOS exploit has less of a security impact because, based on the sources' description, it does not abuse an RCE bug.

Zoom announced that it is working with a leading security firm to investigate both claims.

“Zoom takes user security extremely seriously. Since learning of these rumors, we have been working around the clock with a reputable, industry-leading security firm to investigate them,” reads a statement issued by Zoom. “To date, we have not found any evidence substantiating these claims.”


Pierluigi Paganini

(SecurityAffairs – Zoom, hacking)
