Microsoft patches actively exploited Skype, Teams, Edge zero-days found in image libraries
-
Microsoft released patches to fix zero-day vulnerabilities in two popular open source libraries that affect Skype, Teams, Edge, and other products.
-
The vulnerabilities were discovered last month and have been actively exploited with spyware according to Google and Citizen Lab.
-
The bugs were found in the webp and libvpx libraries, which are widely used for processing images and video.
-
Microsoft declined to say if its products were exploited or if it knows either way.
-
Citizen Lab said the webp bug was exploited on iPhones without any user interaction, and Apple acknowledged the bug may have been exploited.