Two zero-day exploits for the Zoom video conferencing software are available to buy from hackers for $500,000 (R9.3 million), Vice reports.
Sources told Vice that one of these exploits is for Windows and the other for MacOS.
“From what I’ve heard, there are two zero-day exploits in circulation for Zoom,” said Adriel Desautels, the founder of security company Netragard.
However, Desautels doesn’t believe these exploits will be valuable for long, because once they are used, they will be found and patched.
About the flaws
According to a second, anonymous source, the zero-day flaw in Windows is a Remote Code Execution (RCE) exploit, which is “perfect for industrial espionage”.
An RCE exploit allows the malicious party to run code on the victim’s computer without relying on the victim exposing themselves through human error.
However, one source said that the Windows exploit requires the hacker to be in the same call as the victim – meaning many malicious parties will not have a good use for it.
The source, therefore, believes that the exploit is worth about half the current asking price.
The report stated the MacOS flaw is not an RCE exploit, which means it is less useful than the Windows hack.
Zoom told Vice it has not found any evidence which justifies the claims made by these sources.
“Since learning of these rumours, we have been working around the clock with a reputable, industry-leading security firm to investigate them,” it said.
“To date, we have not found any evidence substantiating these claims.”
Zoom CEO Eric Yuan previously said that Zoom will meet the highest security standards following several security issues it has suffered in recent times.
“Zoom is safe compared to peers,” said Yuan.
“We are determined to do better and hold ourselves to the highest standard on security and privacy.”