Según las fuentes de estudio de ventas de exploits, se han encontrado varias 0-Day de la aplicación de videollamadas Zoom, actualmente hay una para Windows y una para MacOS en el mercado.
Sources have not been able to investigate the code of these vulnerabilities but have been contacted to see the offers for their sale. The company Motherboard indicated that there is a lot of interest in the 0-Day of this application since most companies are using it to hold their confidential meetings due to Covid-19.
Adriel Desautels, founder of the company Netragard, who previously dedicated himself to trading 0-Day vulnerabilities and two other sources who asked to remain anonymous, have confirmed that these exploits are on the market and their initial price is half a million dollars (500.000$).
In the description of the vulnerability it indicates that for it to be effective, el atacante debe estar en la misma llamada que la victima lo que le resta valor para las compañías de espionaje que priorizan el ser sigilosos.
La empresa Zoom informó que está colaborando 24 horas al día con una empresa de ciberseguridad para corregir cualquier vulnerabilidad que se pueda encontrar en la aplicación.