Skype bug may expose users to malicious code
2011-08-23 09:38 by Daniela Tags: Skype, security
An Armenian Security Researcher - Levent Kayan, has discovered a security vulnerability in the latest Skype version for windows. The vulnerability opens up users' phone sessions for hacker attacks. "An attacker could for example inject HTML/JavaScript code," Kayan wrote in an advisory published on Wednesday. "It has not been verified though, if it's possible to hijack cookies or to attack the underlying operating system. An attacker might also exploit the vulnerability to remotely execute malicious JavaScript files on external websites", he said. However, Skype disagrees with the researcher: "We have had this reported to us by various media outlets and have confirmed that the person is mistaken, this is not a web window and while it does cause a phone number to be underlined, does nothing other than this," Skype's spokeswoman Brianna Reynaud wrote in an email. Read more -here-
|