Recently, a security researcher has revealed multiple vulnerabilities in the popular video conferencing app Microsoft Teams. According to the researcher, there is a vulnerability that allows the attacker to plant malware into the user’s system by just tricking them into viewing a craft crafted chats with malicious codes. The cross-platform bugs were identified and reported by Oskars Vegeris to the tech giant by the end of June this year. The company addressed the issues in its October update, and it stated that these vulnerabilities are important, spoofing. While writing for GitHub this Monday, Vegeris had mentioned that he strongly disagrees with the reasoning given by Microsoft. The company has admitted that the flaw was major, and it could’ve caused a major catastrophe.
The company stated that the issue was affecting only the desktop application, but Vegeris has stated that the vulnerabilities extend beyond Windows. The researcher has discovered that the exploits majorly depends on sandbox type escape and CSP bypass. According to Vegeris, the discovered vulnerabilities are cross-platform, and they can easily affect Mac, Linux, and Windows versions of Teams. As of now, Vegeris claims that he has discovered four more undisclosed bugs that can be used to exploit Microsoft Teams.