According to Mitja Kolsek of 0patch, a platform designed to distribute microscopic patches to running systems – who was informed of the vulnerability by an independent researcher who wants to remain anonymous – the vulnerability would let a remote attacker execute arbitrary code on their target’s PC if the Zoom Client for Windows was installed on it – typically by getting them to open a malicious file attachment.
Writing on 0patch’s disclosure blog, Kolsek said that analysis of the zero-day had shown it is only exploitable on Windows 7 (and older systems), which is now out of support, although millions of consumer and enterprise users are still prolonging their use of it. The vulnerability has been disclosed to Zoom via its bug bounty programme.
0patch has already been able to create a small patch to remove the vulnerability in four different places in the code, which has been ported from the latest version of Zoom for Windows – 5.1.2 – back to version 5.0.3, which was released on. These have been distributed already, so 0patch users are not affected by the issue. Kolsek said the micropatch would be made available for free until such time as Zoom addressed the issue and added that he had chosen not to publish full technical details of the zero-day at this time to prevent possible exploitation.