Zoom, a company behind the popular videoconferencing software, is working on a patch for a serious vulnerability in its Zoom client for Windows.
Reported by Across security, the issue is a remote code execution flaw that allows an adversary to execute code by tricking a victim into performing some typical action such as opening document file without any warning being shown to the user.
According to the 0patch team, the flaw has several mitigating factors. Firstly, it is only exploitable on systems running Windows 7 and older versions of the operating system that are no longer supported by Microsoft. Secondly, the attack requires user interaction.
Zoom has confirmed the vulnerability in a statement.
“Zoom takes all reports of potential security vulnerabilities seriously. This morning we received a report of an issue impacting users running Windows 7 and older. We have confirmed this issue and are currently working on a patch to quickly resolve it,” the company said.