CVE-2024-41138

Name of the Vulnerable Software and Affected Versions Microsoft Teams versions 24046.2813.2770.1094

Description A library injection vulnerability exists in the com.microsoft.teams2.modulehost.app helper app of Microsoft Teams for macOS. A specially crafted library can leverage Teams's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions. The vulnerability is related to incorrect cryptographic signature verification, which can allow an attacker to bypass existing security restrictions using a specially crafted library.

Recommendations For version 24046.2813.2770.1094, consider disabling the vulnerable library injection functionality until a patch is available. Restrict access to the com.microsoft.teams2.modulehost.app helper app to minimize the risk of exploitation. Avoid using the vulnerable application until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.