/>
X
Innovation

Skype + Facebook = critical security vulnerability

Skype's integration with Facebook is being touted as "the best of both worlds" but the new Skype 5.5 for Windows update contains a highly-critical security flaw that allows Skype session hijacks or even full system compromise.
Written by Ryan Naraine, Contributor on

Skype's integration with Facebook is being touted as "the best of both worlds" but the new Skype 5.5 for Windows update contains a highly-critical security flaw that allows Skype session hijacks or even full system compromise.

According to an advisory posted at secalert.net, an attacker can exploit a system even if the victim is not a Facebook friend or a Skype contact.

Details on the vulnerability are being kept under wraps but The H Security says they were able to reproduce the issue. The Skype security blog has not yet acknowledged the flaw.

A video demo is available:

UPDATE (2:00 PM Eastern):  Here's a statement from Skype CSO Adrian Asher:

"The newly reported Cross Site Scripting (XSS) vulnerability that allows your Facebook stream to pop-up messages or redirect you to other Web sites is actually an issue that was fixed recently by an update deployed to users. All affected users should already be protected. Skype users do not need to install any updates for this fix to take effect."

Editorial standards

Related

The 21 best Black Friday deals under $30 ahead of Cyber Monday
Amazon Fire TV Stick 4K

The 21 best Black Friday deals under $30 ahead of Cyber Monday

The 51 best early Cyber Monday deals on Amazon
Image of Amazon Echo Show 8 on a wooden table in front of a person cooking and folding pastry dough.

The 51 best early Cyber Monday deals on Amazon

The 62 best Black Friday deals at Costco ahead of Cyber Monday
LG 65" Class - QNED80 Series

The 62 best Black Friday deals at Costco ahead of Cyber Monday