The Zoom web conference Client contained a zero-day vulnerability that could have allowed attackers to execute commands on vulnerable systems remotely.
The exploitation of the vulnerability required at least some form of action on the victim’s end, such as downloading and opening a malicious attachment, however, no security notifications would be triggered during exploitation.
A researcher, who prefers to remain anonymous, reached out to the 0patch team disclosing the vulnerability rather than reporting it directly to Zoom.
Researchers at 0patch then issued a “micropatch” free of charge until Zoom could release their own.
“According to our guidelines, we’re providing