CVE-2020-24003 : Security Advisory and Response

Microsoft Skype through 8.59.0.77 on macOS has a vulnerability that allows a local process to obtain microphone and camera access.

Understanding CVE-2020-24003

This CVE identifies a security issue in Microsoft Skype for macOS that could lead to unauthorized access to the user's microphone and camera.

What is CVE-2020-24003?

The vulnerability in Microsoft Skype for macOS allows a local process to gain access to the microphone and camera without user prompt by exploiting the disable-library-validation entitlement.

The Impact of CVE-2020-24003

The vulnerability enables a local process with user privileges to inherit Skype Client's microphone and camera access, potentially compromising user privacy and security.

Technical Details of CVE-2020-24003

Microsoft Skype through version 8.59.0.77 on macOS is affected by this vulnerability.

Vulnerability Description

The disable-library-validation entitlement in Skype allows a local process to load a crafted library, granting unauthorized access to the microphone and camera.

Affected Systems and Versions

Product: Microsoft Skype
Version: 8.59.0.77

Exploitation Mechanism

By exploiting the disable-library-validation entitlement, a local process can inherit Skype Client's microphone and camera access without user consent.

Mitigation and Prevention

It is crucial to take immediate steps to mitigate the risks posed by CVE-2020-24003.

Immediate Steps to Take

Update Skype to the latest version to patch the vulnerability.
Monitor microphone and camera access on macOS for any suspicious activities.

Long-Term Security Practices

Regularly update software and applications to prevent security vulnerabilities.
Implement access controls and permissions to restrict unauthorized access to sensitive hardware.

Patching and Updates

Apply security patches and updates provided by Microsoft for Skype to address the vulnerability.