Security News > 2020 > July > Better get Grandma off Windows 7 because zero-day bug in Zoom allows remote code execution on vintage OS
With world+dog on Zoom these days, news of a zero-day attack against the videoconferencing app would cause a stir, but relax - it's only if you're on Windows 7 or older.
An independent researcher told ACROS Security about the flaw that would allow for remote code execution on any Zoom Client for Windows used by Windows 7, even with extended support after the OS was shuttered in January.
The indictment stated that after installing their own remote access software, which also monitored the network's security software to protect itself, the crew then auctioned off the company to the highest bidder online.
A Register reader has tipped us off to a successful hack that could really hurt local governments.
Google already bans such products from its app store, as does Apple, but it was quite happy to tell people where to buy the covert tracking code if they wanted it.
News URL
https://go.theregister.com/feed/www.theregister.com/2020/07/13/in_brief_security/
Related news
- New Zero-Day Flaw in Apache OFBiz ERP Allows Remote Code Execution (source)
- “Perfect” Windows downgrade attack turns fixed vulnerabilities into zero-days (source)
- New Windows SmartScreen bypass exploited as zero-day since March (source)
- Windows driver zero-day exploited by Lazarus hackers to install rootkit (source)
- Microsoft fixes Windows Smart App Control zero-day exploited since 2018 (source)
- Windows vulnerability abused braille “spaces” in zero-day attacks (source)