Local Privilege Escalation Vulnerability in Skype for macOS
CVE-2020-24003

3.3LOW

Key Information:

Vendor: Microsoft
Status: Skype
Vendor: CVE Published:; 11 January 2021

What is CVE-2020-24003?

A security flaw in Skype for macOS version 8.59.0.77 allows a local process to bypass library validation, enabling unauthorized access to the user's microphone and camera. This occurs when a malicious library is loaded, inheriting the microphone and camera permissions of the Skype Client without prompting the user, potentially leading to privacy violations and unauthorized surveillance.

References

https://www.hdwsec.fr/blog/20200608-skype/

x_refsource_MISC

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 11, 2021
Vulnerability Reserved
Aug 13, 2020

Microsoft

What is CVE-2020-24003?

References

CVSS V3.1

Timeline