Microsoft patches actively exploited Skype, Teams, Edge zero-days found in image libraries
-
Microsoft released patches to fix zero-day vulnerabilities in two popular open source libraries that affect Skype, Teams, Edge, and other products.
-
The vulnerabilities were discovered last month and have been actively exploited with spyware according to Google and Citizen Lab.
-
The bugs were found in the webp and libvpx libraries, which are widely used for processing images and video.
-
Microsoft declined to say if its products were exploited or if it knows either way.
-
Citizen Lab said the webp bug was exploited on iPhones without any user interaction, and Apple acknowledged the bug may have been exploited.
![](https://techcrunch.com/wp-content/uploads/2022/02/stalkerware-spill-hed-guide.jpg?resize=1200,675)