ADVERTISEMENT
Zoom patches Zero-day flaw in Windows 7 PC version
Anuriha Kodali
DH Web Desk
Last Updated IST
Zoom website (screen-grab)
Zoom website (screen-grab)

Video conferencing service Zoom had a zero-day vulnerability, which could have allowed external attackers to remotely control machines running on Windows 7 or older Windows operating systems.

The vulnerability was first uncovered by ACROS Security researchers. In the official 0patch blog, the cyber experts have shared a remote code execution "0day" vulnerability in Zoom Client for Windows with the ACROS team, allowing them to narrow down that “ The vulnerability allows a remote attacker to execute arbitrary code on victim's computer where Zoom Client for Windows (any currently supported version) is installed by getting the user to perform some typical action such as opening a document file.”

To further implicate things, no security warning is shown to the user in the course of the attack. The researcher who remained anonymous reported the vulnerability to ACROS instead of taking the matter to Zoom directly. ACROS released free micro patches to tide users over until Zoom released its own to cater to the issue.

ADVERTISEMENT

Taking cognisance of the issue, Zoom was quick to release a patch to solve the problem, taking matters under control in just one day. Addressing the issue in the patch released last Friday, the company released notes of version 5.1.3.

Although Zoom has warned users to keep updating their app, it was found that many users were still using older versions. Therefore, ACROS has released several micro patches, pertaining to all versions users may have installed.

Get the latest news on new launches, gadget reviews, apps, cyber security, and more on personal technology only on DH Tech.

ADVERTISEMENT
(Published 14 July 2020, 18:03 IST)