Researchers discover critical Zoom vulnerability, win $200,000

4/9/2021

For any News Coverage, Please Contact: media@jhalak.com

Security researchers have discovered a zero-day vulnerability in video conferencing platform Zoom which can be used by cybercriminals to launch remote code execution (RCE) attacks.

The vulnerability was discovered as part of a contest, Pwn2Own, organised by cybersecurity firm Trend Micro's Zero Day Initiative (ZDI), a programme designed to reward security researchers for responsibly disclosing vulnerabilities.

The researchers from the Netherlands-based Computest won $200,000 for the discovery.

"Confirmed! The duo of Daan Keuper and Thijs Alkemade from Computest used a 3-bug chain to exploit #Zoom messenger with 0 clicks from the target. They win $200,000 and 20 points towards Master of Pwn. #Pwn2Own," Zero Day Initiative tweeted on Thursday.

The competition included 23 separate entries, targeting 10 different products in the categories of web browsers, virtualisation, servers, local escalation of privilege, and enterprise communications.

The specific technical details of the vulnerability have not been made public as Zoom has not yet had time to patch the security issue, ZDNet reported.

In vulnerability disclosure programmes, it is a standard practice to offer vendors a 90-day window to fix a newly discovered security issue.

As noted by Malwarebytes, the attack works on the Windows and Mac versions of the Zoom software, but it does not affect the browser version.

It is not clear whether the iOS and Android apps are vulnerable, since Keuper and Alkemade did not look into those, according to the report.

While thanking the Computest researchers, Zoom, in a statement to Tom's Guide, said the company was "working to mitigate this issue with respect to Zoom Chat, our group messaging product. In-session chat in Zoom Meetings and Zoom Video Webinars are not impacted by the issue".

Source: IANS
