According to multiple researchers, unnamed threat actors operating on underground markets have offered to sell exploits for vulnerabilities that they claim exist in the Zoom client for Windows and MacOS. Neither the claimed vulnerabilities nor the alleged exploits have been proven to exist, but the sellers are asking for $500,000 USD in exchange for the information. The exploit for Windows is claimed to allow remote code execution (RCE) but requires the attacker to be in a Zoom call with their intended victim. The MacOS exploit is less capable and does not result in RCE. A Zoom company spokesperson responded to the claims: “Zoom takes user security extremely seriously. Since learning of these rumors, we have been working around the clock with a reputable, industry-leading security firm to investigate them. To date, we have not found any evidence substantiating these claims.”
Analyst Notes
Binary Defense believes the threat from these alleged exploits is low. Because the alleged exploit requires attackers to be in a Zoom call with their target, the best way to protect against the possibility of being affected is to follow the advice that Zoom provides for securing meetings with passwords and not accepting invitations to join Zoom meetings from unknown sources. It is also important to keep software up-to-date with security patches when updates are available from the software provider. The Zoom client software provides a built-in update mechanism. Do not download and install software from unknown sources that claim to be a security update, because that is frequently used by threat actors to disguise malware.
For more information, please see: https://www.vice.com/en_us/article/qjdqgv/hackers-selling-critical-zoom-zero-day-exploit-for-500000
