CVE-2024-42004

Name of the Vulnerable Software and Affected Versions Microsoft Teams versions 24046.2813.2770.1094

Description A library injection vulnerability exists in Microsoft Teams for macOS. This issue allows a specially crafted library to leverage Teams's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability, then make use of the vulnerable application's permissions. The vulnerability is related to incorrect cryptographic signature verification.

Recommendations For version 24046.2813.2770.1094, consider disabling the library loading functionality as a temporary workaround until a patch is available. Restrict access to sensitive resources to minimize the risk of exploitation. Avoid using the vulnerable version of Microsoft Teams for macOS until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.