Skype + Facebook = critical security vulnerability


Skype's integration with Facebook is being touted as "the best of both worlds" but the new Skype 5.5 for Windows update contains a highly-critical security flaw that allows Skype session hijacks or even full system compromise.

follow Ryan Naraine on twitter

According to an advisory posted at secalert.net, an attacker can exploit a system even if the victim is not a Facebook friend or a Skype contact.

Details on the vulnerability are being kept under wraps but The H Security says they were able to reproduce the issue. The Skype security blog has not yet acknowledged the flaw.

A video demo is available:

UPDATE (2:00 PM Eastern): Here's a statement from Skype CSO Adrian Asher:

"The newly reported Cross Site Scripting (XSS) vulnerability that allows your Facebook stream to pop-up messages or redirect you to other Web sites is actually an issue that was fixed recently by an update deployed to users. All affected users should already be protected. Skype users do not need to install any updates for this fix to take effect."


Talkback

11 comments
  • RE: Skype Facebook = critical security vulnerability

    Fixed. Good catch.
    TechNickle
  • RE: Skype Facebook = critical security vulnerability

    The more popular a software or website is, the more vulnerabilities it is going to have, simply because of the higher number of people spending their time to hack it, compared to something less popular that presents a lesser prize.
    321myuser