The hits just keep on coming for popular video conferencing and chat service Zoom with the latest security nightmare for the company arriving in the form of alleged vulnerabilities in the Zoom application for Windows and macOS that are listed for sale online for up to $500,000 (via TechRadar)
While Zoom is currently on a feature update freeze as they work to iron out the numerous privacy and security issues that have already been levied at them, the company is not aware of the vulnerabilities that are being referenced in these sales making them potential zero-day exploits.
- Best video chat apps and software
- Where to buy a webcam: These few retailers still have stock
- Windows 10 critical flaws revealed in April security update: What to do now
The hackers responsible for the listing claim that the exploit on the Windows side allows for the execution of code remotely on target devices, making it much more dangerous (and valuable) than the macOS exploit which requires physical access to the device.
Reportedly the vulnerability would allow a hacker to access the application. However, in order to take it further, the hacker would need to also join a video conference with the target. That makes it a more difficult hack to pull off without the targets knowledge.
Zoom has responded to these reports with a brief written statement:
"Zoom takes user security extremely seriously. Since learning of these rumors, we have been working around the clock with a reputable, industry-leading security firm to investigate them, ...To date, we have not found any evidence substantiating these claims."
Given that Zoom's security reputation is pretty tarnished at the moment, it's difficult to know whether this is merely hackers trying to trade on the belief that such exploits do probably exist in Zoom's software or if these vulnerabilities do in fact exist.
If you are looking for an alternative, we did a recent roundup of the best video conferencing apps and many have a superior security track record.