July 20, 2021
Bug hunters asked to probe Microsoft Teams mobile apps, can earn up to $30k
Microsoft’s Applications Bounty Program has been extended to cover Microsoft Teams mobile apps, and bug hunters can earn up to $30,000 for reports about specific vulnerabilities.
Microsoft Teams: A popular business solution
Microsoft Teams is an enterprise communication and collaboration platform that provides one-on-one and group workspace chat, videoconferencing, VoIP, file sharing and storage, and meetings.
Its popularity and use soared in the wake of the COVID-19 pandemic and, as of April 2021, it has over 145 million daily users.
Eligible bugs and awards
Microsoft started its Applications Bounty Program in March 2021, with Microsoft Teams Windows, macOS, and Linux desktop clients as the initial targets for bug hunters.
Explaining how the flaw works in a post online, Vegeris said: Attacker sends or edits an existing message, which looks completely normal to victim. Victim executes code upon looking at the message. That's it. There is no further interaction from the victim. Now your company's internal network, personal documents, Office 365 documents, mail, notes, secret chats are fully compromised. Think about it. One message, one channel, no interaction. Everyone gets exploited. So let's expand on that. What if the recipients then automatically post it in their teams, channels? Everybody gets exploited. Did you know you can be a guest in other organisations?