X
Tech

Skype + Facebook = critical security vulnerability

Skype's integration with Facebook is being touted as "the best of both worlds" but the new Skype 5.5 for Windows update contains a highly-critical security flaw that allows Skype session hijacks or even full system compromise.
Written by Ryan Naraine, Contributor

Skype's integration with Facebook is being touted as "the best of both worlds" but the new Skype 5.5 for Windows update contains a highly-critical security flaw that allows Skype session hijacks or even full system compromise.

According to an advisory posted at secalert.net, an attacker can exploit a system even if the victim is not a Facebook friend or a Skype contact.

Details on the vulnerability are being kept under wraps but The H Security says they were able to reproduce the issue. The Skype security blog has not yet acknowledged the flaw.

A video demo is available:

UPDATE (2:00 PM Eastern):  Here's a statement from Skype CSO Adrian Asher:

"The newly reported Cross Site Scripting (XSS) vulnerability that allows your Facebook stream to pop-up messages or redirect you to other Web sites is actually an issue that was fixed recently by an update deployed to users. All affected users should already be protected. Skype users do not need to install any updates for this fix to take effect."

Editorial standards