According to Motherboard, the two flaws are so-called zero-days, and are present in Zoom's Windows and MacOS clients. The sources have not seen the actual code for these vulnerabilities, but have been contacted by brokers offering them for sale. Zero-day exploits or just zero-days or 0days are unknown vulnerabilities in software or hardware that hackers can take advantage of to hack targets. Depending on what software they're in, they can be sold for thousands or even millions of dollars.
Last week there was an increased interest in zero-days for Zoom as millions of people, including employees and executives at big companies around the world, moved onto the platform for sensitive or confidential meetings, due to the coronavirus pandemic.
Adriel Desautels, the founder of Netragard, a company that used to sell and trade zero-days said: "From what I've heard, there are two zero-day exploits in circulation for Zoom.One affects OS X and the other Windows. I don't expect that these will have a particularly long shelf-life because when a zero-day gets used it gets discovered."