A new Zero-day vulnerability of Zoom video conferencing software has been discovered by a private security company that affects Windows 7 and below Operating Systems. This newly discovered vulnerability is said to have the ability to execute arbitrary code on an unsuspecting victim that is still running an unsupported Microsoft Windows 7 OS or older.
The vulnerability has been discovered by an anonymous researcher and reported to a Slovenian cybersecurity firm – Acros Security, which then informed the Zoom security team about.
As the attack needs human interaction, the attacker will only need to perform some typical action to successfully execute the exploit. This includes tricking the Zoom user into opening a received file, and Security warning will not be triggered.
This vulnerability is although present in all supported versions of Zoom for Windows will only run in systems using Windows 7 Operating Systems and older. It can be recalled that Microsoft has ended its support for Windows 7 on January 14, 2020. However, a significant count of individuals and organizations are still making use of this unsupported OS.
Developed and released a Zoom for Windows patch
Across Security has already developed and released a patch for all Zoom Client for Windows for free to address this security issue until Zoom Video Conferencing software officially releases its security patch – 0patch (pronounced ‘zero patches’).
According to the Security firm, users with 0patch installed on their system, won’t be affected by the malicious code dispatch by the attacker as it will be dismissed.
To prevent the risk of exploitation of users that doesn’t have 0patch, they have decided to unpublish the details of the said vulnerability until the issue was fully fixed by Zoom.
On July 10, Zoom has finally announced an updated Windows software version 5.1.3 that included the patch that “fixes a security issue affecting users running Windows 7 and older.”
The above mentioned is the latest issue that the Zoom is facing, which has skyrocketed in popularity caused by the pandemic that has affected all individuals and organizations Globally.
What is our take on the issue?
Zoom is quite the new challenger in the industry who immediately gained recognition around the world for many reasons. The drawback of such a hasty user-based boom is the impact of any security flaws and vulnerabilities. New apps in the limelight tend to become the target of malicious actors, as these blackhat hackers are relentless in terms of exploiting everything possible. Companies should invest in more trustworthy and more secure platforms. As for Zoom, they should have taken the security of their platform more seriously by employing multilateral strategies to discover vulnerabilities before anyone else took advantage of any flaws.