10 July 2020

RCE-bug found in Zoom client for Windows


RCE-bug found in Zoom client for Windows

Zoom, a company behind the popular videoconferencing software, is working on a patch for a serious vulnerability in its Zoom client for Windows.

Reported by Across security, the issue is a remote code execution flaw that allows an adversary to execute code by tricking a victim into performing some typical action such as opening document file without any warning being shown to the user.

According to the 0patch team, the flaw has several mitigating factors. Firstly, it is only exploitable on systems running Windows 7 and older versions of the operating system that are no longer supported by Microsoft. Secondly, the attack requires user interaction.

Zoom has confirmed the vulnerability in a statement.

“Zoom takes all reports of potential security vulnerabilities seriously. This morning we received a report of an issue impacting users running Windows 7 and older. We have confirmed this issue and are currently working on a patch to quickly resolve it,” the company said.

Back to the list

Latest Posts

Free VPN apps on Google Play turned Android devices into residential proxies

Free VPN apps on Google Play turned Android devices into residential proxies

The threat actor behind this scheme profits by selling access to the residential proxy network to third parties.
28 March 2024
Cyber spies strike Indian government and energy sectors

Cyber spies strike Indian government and energy sectors

The operation involved phishing emails delivering the HackBrowserData info-stealer.
28 March 2024
Spyware makers and state-backed hackers are primary culprits behind rise in zero-day exploits, Google says

Spyware makers and state-backed hackers are primary culprits behind rise in zero-day exploits, Google says

97 zero-day flaws were exploited in-the-wild in 2023, marking an increase of over 50% compared to 2022.
27 March 2024