Skype, the popular internet phone software, has a new vulnerability with the way it handles video links. There aren’t any reported exploits yet but as always it’s only a matter of time.
Skype is susceptible to this vulnerability if all of the following happen:
- Your computer uses Windows
- You use Skype version 18.104.22.168 or older (versions 3.5 and 3.6)
- You do a video search from within Skype
- The search takes you to a page that’s been hacked
The damage from this is still unproven but it’s fair to say that if someone can write the required malicious code they could use it to any effect they like (such as installing spyware on your computer or taking over its control).
Skype has responded with disabling adding new videos to their Dailymotion gallery. This will slow down the chance of an exploit spreading. And Skype will release a new version soon to fix the vulnerability.
Skype’s report is located here.