Skype + Facebook = critical security vulnerability

Skype's integration with Facebook is being touted as "the best of both worlds" but the new Skype 5.5 for Windows update contains a highly-critical security flaw that allows Skype session hijacks or even full system compromise.

Skype's integration with Facebook is being touted as "the best of both worlds" but the new Skype 5.5 for Windows update contains a highly-critical security flaw that allows Skype session hijacks or even full system compromise.

follow Ryan Naraine on twitter

According to an advisory posted at secalert.net, an attacker can exploit a system even if the victim is not a Facebook friend or a Skype contact.

Details on the vulnerability are being kept under wraps but The H Security says they were able to reproduce the issue. The Skype security blog has not yet acknowledged the flaw.

A video demo is available:

UPDATE (2:00 PM Eastern):  Here's a statement from Skype CSO Adrian Asher:

"The newly reported Cross Site Scripting (XSS) vulnerability that allows your Facebook stream to pop-up messages or redirect you to other Web sites is actually an issue that was fixed recently by an update deployed to users. All affected users should already be protected. Skype users do not need to install any updates for this fix to take effect."

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.
See All