CVE-2020-24003
First published: Mon Jan 11 2021(Updated: )
Microsoft Skype through 8.59.0.77 on macOS has the disable-library-validation entitlement, which allows a local process (with the user's privileges) to obtain unprompted microphone and camera access by loading a crafted library and thereby inheriting Skype Client's microphone and camera access.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Skype | <=8.59.0.77 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-24003?
CVE-2020-24003 is a vulnerability in Microsoft Skype through version 8.59.0.77 on macOS that allows a local process to obtain unprompted microphone and camera access.
How does CVE-2020-24003 work?
CVE-2020-24003 works by exploiting the disable-library-validation entitlement in Microsoft Skype on macOS.
What is the severity of CVE-2020-24003?
The severity of CVE-2020-24003 is low with a severity value of 3.3.
Who is affected by CVE-2020-24003?
Users of Microsoft Skype version 8.59.0.77 on macOS are affected by CVE-2020-24003.
How can I fix CVE-2020-24003?
To fix CVE-2020-24003, it is recommended to update to the latest version of Microsoft Skype or apply any available patches or updates provided by the vendor.
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/tags
- agent/description
- agent/last-modified-date
- vendor/microsoft
- canonical/microsoft skype
- version/microsoft skype/8.59.0.77