"Critical Zoom Vulnerability Triggers Remote Code Execution Without User Input"

Pwn2Own is a contest in which white-hat cybersecurity professionals and teams compete to discover bugs in popular software and services. This year the winning team was Computest, and they discovered a vulnerability in Zoom. The team earned themselves $200,000 for their Zoom discovery. The Computest researchers demonstrated a three-bug attack chain that achieved remote code execution (RCE) on a target machine, all without any form of user interaction. The team was able to show how an attacker could open a calculator program on a machine running Zoom following the exploit. Zoom has not yet had time to patch the critical security issue, so the vulnerability's specific technical details are being kept under wraps. The attack works on both Windows and Mac versions of Zoom, but it has not yet been tested on iOS or Android. The browser version of the videoconferencing software is not impacted.

 

ZDNet reports: "Critical Zoom Vulnerability Triggers Remote Code Execution Without User Input"

Submitted by Anonymous on