Zoom clients on Windows 8 or Windows 10 are not affected, according to ACROS Security CEO Mitja Kolsek.
"The vulnerability allows a remote intruder to execute code on the computer of the victim where the Zoom Client for Windows is installed, by making the user perform some standard action, such as opening a document," said Kolsek.
"No security warning is displayed to the user during the attack," he added.
Kolsek said ACROS did not discover the vulnerability on its own. The company was informed by a security researcher who wanted to keep his identity secret.
ACROS reported the zero-day vulnerability in Zoom and released an update to the 0patch client to prevent attacks on its own customers until Zoom releases a formal patch. The video below shows how the zero-day vulnerability can be exploited and how the 0patch client blocks it.
ACROS did not release further technical details of the vulnerability.
"Zoom takes all reports with potential security errors seriously. This morning we received a report on an issue that affects users running Windows 7 and earlier. We have confirmed this issue and are currently working on a patch to resolve it quickly."
No release date for the patch has been announced yet.
In recent months, Zoom had stopped releasing new features to focus on improving security for its users, after various security issues were revealed in April.