Disclaimer: We may earn a commission if you make any purchase by clicking our links. Please see our detailed guide here.

Follow us on:

Google News
Whatsapp

Researchers Who Discovered Critical Zoom Vulnerability Wins $200,000

IANS
IANS
Meet the voice behind Indo-Asian News Service (IANS), a storyteller navigating the currents of global events with precision and depth. Crafting narratives that bridge cultures, IANS brings you the pulse of the world in every word

Security researchers have discovered a zero-day vulnerability in video conferencing platform Zoom which can be used by cybercriminals to launch remote code execution (RCE) attacks.

The vulnerability was discovered as part of a contest, Pwn2Own, organized by cybersecurity firm Trend Micro’s Zero Day Initiative (ZDI), a program designed to reward security researchers for responsibly disclosing vulnerabilities.

The researchers from the Netherlands-based Computest won $200,000 for the discovery.

“Confirmed! The duo of Daan Keuper and Thijs Alkemade from Computest used a 3-bug chain to exploit #Zoom messenger with 0 clicks from the target. They win $200,000 and 20 points towards Master of Pwn. #Pwn2Own,” Zero Day Initiative tweeted on Thursday.

The competition included 23 separate entries, targeting 10 different products in the categories of web browsers, virtualisation, servers, local escalation of privilege, and enterprise communications.

The specific technical details of the vulnerability have not been made public as Zoom has not yet had time to patch the security issue, ZDNet reported.

In vulnerability disclosure programmes, it is a standard practice to offer vendors a 90-day window to fix a newly discovered security issue.

As noted by Malwarebytes, the attack works on the Windows and Mac versions of the Zoom software, but it does not affect the browser version.

It is not not clear whether the iOS- and Android-apps are vulnerable since Keuper and Alkemade did not look into those, according to the report.

While thanking the Computest researchers, Zoom, in a statement to Tom’s Guide, said the company was “working to mitigate this issue with respect to Zoom Chat, our group messaging product. In-session chat in Zoom Meetings and Zoom Video Webinars are not impacted by the issue”.

The Latest

Partner With Us

Digital advertising offers a way for your business to reach out and make much-needed connections with your audience in a meaningful way. Advertising on Techgenyz will help you build brand awareness, increase website traffic, generate qualified leads, and grow your business.

Recommended