Zoom Zero-Day Allows RCE, Patch on the Way

UPDATE. A newly discovered bug in the Zoom Client for Windows could allow remote code-execution, according to researchers at 0patch, which disclosed the existence of the flaw on Thursday after pioneering a proof-of-concept exploit for it.
The company told Threatpost: "Zoom addressed this issue, which impacts users running Windows 7 and older, in the 5.1.3 client release on July 10. Users can help keep themselves secure by applying current updates or downloading the latest Zoom software with all current security updates from https://zoom.us/download."
"We documented the issue along with several attack scenarios, and reported it to Zoom earlier today along with a working proof of concept and recommendations for fixing," Kolsek wrote in a Thursday posting.
Zoom, for its part, confirmed the zero-day to Threatpost and issued the following statement: "Zoom takes all reports of potential security vulnerabilities seriously. This morning we received a report of an issue impacting users running Windows 7 and older. We have confirmed this issue and are currently working on a patch to quickly resolve it."
Zoom quickly patched the issues upon being alerted to them.
News URL
https://threatpost.com/unpatched-zoom-bug-rce/157317/