Skype is advising users to upgrade to the latest VoIP version to address a recently discovered security vulnerability that poses significant risks.
This vulnerability affects multiple versions of the Skype client for Windows. It may allow an attacker to download any file from the infected computer without the user’s consent. According to Skype’s assessment, the vulnerability has a medium severity level.
 |
| Source: LabSolution |
According to Skype, this vulnerability arises from a flaw in how the Skype software handles URIs, or Uniform Resource Indicators, which is a standard technology that allows access to resources on the Internet.
However, for an attacker to turn a Skype user into a victim, they must set up a fake website and trick the user into visiting that site, according to Brett Moore, a security expert from Security-Assessment.com, who discovered the aforementioned vulnerability.
Furthermore, the attacker must know the exact location of the file they wish to steal, as well as be required to add the victim’s name to their contact list.
According to Moore, this vulnerability exists in all Windows versions released to date. Users are advised to upgrade to Skype 2.5, 2.5.x.79 or later, as well as Skype 2.0, 2.0.x.105.
This is the first security bulletin released by Skype in the past seven months. Last year, the company issued three security bulletins, two of which addressed high-risk vulnerabilities and one labeled as low risk.
Thien Yi
