We’ve written about a Skype 0-day earlier this year as well as another post regarding an XSS vulnerability in their client (the second to be reported recently). Since Skype’s acquisition by Microsoft, problems appear to be popping up more. Coincidence?
Well, it’s happened again … another XSS bug has been found. This time the affected version is Skype 5.5.0.113 as reported in this disclosure. From the write-up it appears to only affect Windows versions so hopefully Mac users are safe. Also what about those of us who chose to remain on the Mac 2.8.* branch for various reasons?
Another trend this story reminded me of is cross-over vulnerabilities between web and native clients. Not that this is anything new … but I am hearing more about it a la the latest Skype issues.
via TheRegister.co.uk (Be sure to check out the nice screenshot of the vulnerability in action!)
The latest version of Skype for Windows contains a security vulnerability that allows attackers to inject potentially dangerous code into a user’s phone session, a German security researcher has reported.
The XSS, or cross-site scripting, vulnerability in Skype 5.5.0.113 is the result of the voice-over-IP client failing to inspect user-supplied phone numbers for malicious code, researcher Levent Kayan said. As a result, attackers might be able to exploit the bug to inject commands or scripts that hijack the machine running the program.
Continued here.
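To make the class of bug concrete from the defender's side, here is an added example (not from the original post, The Register, or Skype's code) of handling a remotely supplied phone-number field in a client that displays profiles in an embedded HTML view. The function names, the allow-list pattern, and the sample profile are assumptions constructed for illustration.

```javascript
// Added illustration: hypothetical helpers, not Skype's implementation.

// Allow-list for a phone-number field: optional leading "+", a digit,
// then digits and common separators only. Markup characters never match.
const PHONE_ALLOWED = /^\+?[0-9][0-9 ().\-]{4,24}$/;

function validatePhone(input) {
  if (typeof input !== 'string') return { ok: false, reason: 'not a string' };
  const value = input.trim();
  if (!PHONE_ALLOWED.test(value)) {
    return { ok: false, reason: 'disallowed characters or length' };
  }
  const digits = value.replace(/[^0-9]/g, '');
  if (digits.length < 5 || digits.length > 15) {
    return { ok: false, reason: 'digit count out of range' };
  }
  // Store a normalized form so later consumers never see free text.
  return { ok: true, value: (value.startsWith('+') ? '+' : '') + digits };
}

// Output encoding for HTML text and quoted-attribute contexts. Applied even
// to validated values, so one missed check does not become script execution.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Render phone fields received from a remote contact (untrusted input).
function renderPhoneRows(profile) {
  return Object.entries(profile).map(([label, raw]) => {
    const checked = validatePhone(raw);
    const shown = checked.ok ? checked.value : '(invalid number removed)';
    return `<tr><td>${escapeHtml(label)}</td><td>${escapeHtml(shown)}</td></tr>`;
  }).join('\n');
}

// Constructed sample profile: one valid number, one field carrying markup,
// and one label containing a quote character.
const sampleProfile = {
  home: '+49 (30) 1234-5678',
  mobile: '<script>alert(1)</script>',
  'office"x': '555 0100',
};

console.log(renderPhoneRows(sampleProfile));
```

Validation and encoding are deliberately both present: the allow-list keeps markup out of stored data, and the encoder protects any rendering path that receives a value which skipped validation.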
#####
Heard anything on this vulnerability affecting Mac clients? Know of some good resources on cross-over vulnerabilities? Let us know in the comments below...