Skype's integration with Facebook is being touted as "the best of both worlds" but the new Skype 5.5 for Windows update contains a highly-critical security flaw that allows Skype session hijacks or even full system compromise.
According to an advisory posted at secalert.net, an attacker can exploit a system even if the victim is not a Facebook friend or a Skype contact.
A video demo is available:
UPDATE (2:00 PM Eastern): Here's a statement from Skype CSO Adrian Asher:
"The newly reported Cross Site Scripting (XSS) vulnerability that allows your Facebook stream to pop-up messages or redirect you to other Web sites is actually an issue that was fixed recently by an update deployed to users. All affected users should already be protected. Skype users do not need to install any updates for this fix to take effect."