First published: Mon Jan 11 2021(Updated: )
Microsoft Skype through 8.59.0.77 on macOS has the disable-library-validation entitlement, which allows a local process (with the user's privileges) to obtain unprompted microphone and camera access by loading a crafted library and thereby inheriting Skype Client's microphone and camera access.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft Skype | <=8.59.0.77 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-24003 is a vulnerability in Microsoft Skype through version 8.59.0.77 on macOS that allows a local process to obtain unprompted microphone and camera access.
CVE-2020-24003 works by exploiting the disable-library-validation entitlement in Microsoft Skype on macOS.
The severity of CVE-2020-24003 is low with a severity value of 3.3.
Users of Microsoft Skype version 8.59.0.77 on macOS are affected by CVE-2020-24003.
To fix CVE-2020-24003, it is recommended to update to the latest version of Microsoft Skype or apply any available patches or updates provided by the vendor.