CVE-2024-41145

Name of the Vulnerable Software and Affected Versions Microsoft Teams (work or school) version 24046.2813.2770.1094 for macOS

Description A library injection vulnerability exists in the WebView.app helper app of Microsoft Teams for macOS. This issue allows a specially crafted library to leverage Teams's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability, then make use of the vulnerable application's permissions. The vulnerability is related to incorrect cryptographic signature verification, which can be exploited by a specially crafted library to bypass existing security restrictions.

Recommendations For Microsoft Teams (work or school) version 24046.2813.2770.1094, consider disabling the WebView.app helper app as a temporary workaround until a patch is available. Restrict access to the vulnerable application to minimize the risk of exploitation. Avoid using the vulnerable version of Microsoft Teams until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.