Security researchers Daan Keuper and Thijs Alkemade from Computest demonstrated how a three-bug attack chain could be used to remotely execute code through Zoom on a user's computer, without the attacker even having to interact with the user. The attack is said to have been carried out on Windows as well as Mac.
A more detailed description of the security flaw has not been given because Zoom has not yet had time to fix it. However, the vulnerability is said to apply to Zoom Chat and not Zoom Meetings or Zoom Video Webinars. The attacker must also be a contact that the intended victim has accepted.
The discovery of the vulnerability will lead to a total reward of $200,000 for Daan Keuper and Thijs Alkemade. While waiting for the patch to be released, concerned users may use the browser version of Zoom instead of the app.