Zoom took months to repair a flaw that would allow hackers to take complete control of a computer, even after multiple researchers and clients reported the vulnerability to the company
Last year, Zoom took three months to fix a security flaw that allowed hackers to potentially gain control over certain users' computers running Apple's macOS, according to a report from The New York Times on Monday.
The issue, which Zoom addressed and fixed last July, was brought to the company's attention by multiple security researchers who participated in a hackathon hosted by Dropbox, the report said. Dropbox, which is a Zoom customer and partner, then presented the findings to Zoom, which only fixed the issues after another researcher found the same flaw.
In early 2019, Dropbox sponsored HackerOne Singapore, a live hacking competition. Two employees of Assetnote, an Australian security company, attended the conference and discovered the flaw that could allow an attacker to covertly take control of certain computers running Apple's macOS. However, Zoom didn't take steps to fix the flaw until a third, independent security researcher found another flaw with the same underlying issue.