Microsoft patches actively exploited Skype, Teams, Edge zero-days found in image libraries

Microsoft released patches to fix zero-day vulnerabilities in two popular open source libraries that affect Skype, Teams, Edge, and other products.

The vulnerabilities were discovered last month and have been actively exploited with spyware according to Google and Citizen Lab.

The bugs were found in the webp and libvpx libraries, which are widely used for processing images and video.

Microsoft declined to say if its products were exploited or if it knows either way.

Citizen Lab said the webp bug was exploited on iPhones without any user interaction, and Apple acknowledged the bug may have been exploited.