Ramblings of an old Doc

 

Well, this is a doozy. Skype made a major error and published Skype 5.5 with a major – no, make that a critical security flaw.

If you have a Facebook account, you can use some of its functionality right in the VoIP software: posting comments and status updates, or seeing which of your ‘friends’ are currently online.

David Vieira-Kurz published proof of the vulnerability here: http://www.secalert.net/index.php?en

What could happen is that someone else could take over your conversation:

“The attack uses code that is entered into a wall or comment post. The Skype session information is then displayed on screen. The exploit is persistent in nature as logging off and on again on Facebook does not invalidate the Skype session. The vulnerability is caused by Skype’s inadequate escaping of data that is posted on Facebook.” - gHacks

 

If I were you and had a Facebook account, I would not update to Skype 5.5. If you have already updated, block the Skype app in your privacy settings on Facebook until it’s been fixed.

Again: This applies only to the Skype 5.5 update and Facebook account integration.

Sources:

1. SecAlert.net:  http://www.secalert.net/index.php?en

2. gHacks.net: http://www.ghacks.net/2011/07/29/skype-update-5-5-with-critical-security-vulnerability/

3. YouTube vid demonstration: 

