Hackers Are Selling a Critical Zoom Zero-Day Exploit for $500,000 [vice]

Hackers are selling two critical vulnerabilities for the video conferencing software Zoom that would allow someone to hack users and spy on their calls, Motherboard has learned.

The two flaws are so-called zero-days, and are currently present in Zoom’s Windows and MacOS clients, according to three sources who are knowledgeable about the market for these kinds of hacks. The sources have not seen the actual code for these vulnerabilities, but have been contacted by brokers offering them for sale.

Zero-day exploits, or just zero-days or 0days, are unknown vulnerabilities in software or hardware that hackers can take advantage of to hack targets. Depending on what software they’re in, they can be sold for thousands or even millions of dollars.

Last week, Motherboard reported that there was an increased interest in zero-days for Zoom as millions of people, including employees and executives at big companies around the world, moved onto the platform for sensitive or confidential meetings, due to the coronavirus pandemic.

“From what I’ve heard, there are two zero-day exploits in circulation for Zoom. […] One affects OS X and the other Windows,” said Adriel Desautels, the founder of Netragard, a company that used to sell and trade zero-days. “I don’t expect that these will have a particularly long shelf-life because when a zero-day gets used it gets discovered.”

Two other independent sources, who asked to remain anonymous to discuss sensitive topics, confirmed the existence of these two exploits on the market.
