PT-2021-10997 · Microsoft · Skype

Jean-Jamil Khalife · Published 2021-01-11 · Updated 2021-01-14 · CVE-2020-24003

CVSS v3.1: 3.3 (Low)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Microsoft Skype versions through 8.59.0.77 on macOS
Description: The issue allows a local process with the user's privileges to obtain unprompted microphone and camera access. This is achieved by loading a crafted library, which enables the process to inherit Skype Client's microphone and camera access due to the disable-library-validation entitlement.
Recommendations: For Microsoft Skype versions through 8.59.0.77 on macOS, consider restricting access to the microphone and camera until a fix is available. As a temporary workaround, review and restrict any library loading capabilities to minimize the risk of exploitation.
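
The entitlement combination described above can be checked for on any signed macOS bundle. The following audit is an added example, not part of the original advisory: it assumes the input is the XML entitlements plist of a bundle (for instance as printed by `codesign -d --entitlements :- <app>`), and the sample plists are constructed for illustration and are not Skype's actual entitlements.

```python
import plistlib

# Apple entitlement keys relevant to the issue described above.
LIB_VALIDATION_OFF = "com.apple.security.cs.disable-library-validation"
DYLD_ENV_ALLOWED = "com.apple.security.cs.allow-dyld-environment-variables"
DEVICE_KEYS = {
    "com.apple.security.device.camera": "camera",
    "com.apple.security.device.audio-input": "microphone",
}


def audit_entitlements(plist_bytes):
    """Flag entitlements that pair unvalidated library loading with
    camera or microphone access (the condition the advisory describes)."""
    ents = plistlib.loads(plist_bytes)
    # Only an explicit boolean true counts; absent or false keys are ignored.
    devices = sorted(name for key, name in DEVICE_KEYS.items()
                     if ents.get(key) is True)
    lib_off = ents.get(LIB_VALIDATION_OFF) is True
    return {
        "library_validation_disabled": lib_off,
        "dyld_env_allowed": ents.get(DYLD_ENV_ALLOWED) is True,
        "devices": devices,
        # Exposed: any library can be loaded into a process holding device access.
        "exposed": lib_off and bool(devices),
    }


# Constructed sample: library validation disabled alongside device access.
SAMPLE_WEAK = plistlib.dumps({
    LIB_VALIDATION_OFF: True,
    "com.apple.security.device.camera": True,
    "com.apple.security.device.audio-input": True,
})

# Constructed sample: same device access, library validation left enabled.
SAMPLE_HARDENED = plistlib.dumps({
    "com.apple.security.device.camera": True,
    "com.apple.security.device.audio-input": True,
})

if __name__ == "__main__":
    for label, blob in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(label, audit_entitlements(blob))
```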

Related Identifiers

CVE-2020-24003

Affected Products

Skype