CVE-2020-24003

low-risk
Published 2021-01-11

Microsoft Skype through 8.59.0.77 on macOS has the disable-library-validation entitlement, which allows a local process (with the user's privileges) to obtain unprompted microphone and camera access by loading a crafted library and thereby inheriting Skype Client's microphone and camera access.

Do I need to act?

-
0.73% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
3
CVSS 3.3/10 Low
LOCAL / LOW complexity

Affected Products (1)

Skype

Affected Vendors

Microsoft

References (2)

Exploit https://www.hdwsec.fr/blog/20200608-skype/
Exploit https://www.hdwsec.fr/blog/20200608-skype/
20
/ 100
low-risk
Severity 13/34 · Low
Exploitability 2/34 · Minimal
Exposure 5/34 · Minimal