Security exploit discovered in Skype

With its vast user base, a recently discovered security flaw in Skype could potentially put millions of users at risk. (Source: Microsoft)
A recently discovered security flaw in Skype potentially allows remote attackers to execute malicious code. Microsoft has since fixed the vulnerability in a patch, and Skype users are urged to make sure their Skype application is up to date.

Skype, the widely popular chat and calling service acquired by Microsoft in 2011, is likely a program you have installed on your computer. With a reported user base in the tens of millions, the ubiquity of the platform should not be understated. In fact, approximately 35% of small businesses are said to use Skype as their primary communication service. When such a massive platform has a security flaw exposed, the implications are far-reaching. Thus, when Benjamin Kunz-Mejri, a security researcher at Vulnerability Lab, reported a bug in the program that potential attackers could exploit, there was cause for concern.

The vulnerability was discovered during a team conference call on Skype Web, and is said to affect Skype versions 7.2, 7.35, and 7.36 on Windows XP, Windows 7, and Windows 8. Essentially, the vulnerability allows attackers to crash the program by causing a stack overflow error. From there, the attackers could potentially execute further exploits. Mejri explains that the vulnerability stems from a lack of “secure limitations or restrictions” within Skype’s clipboard function. Thus, the vulnerability can be exploited by the transmission of malicious files via the clipboard. Users looking for a more in-depth explanation can refer to Mejri’s detailed write-up here. Vulnerability Lab has also released a proof-of-concept video showing how to recreate the exploit.

Thankfully, the security firm reported the issue to Microsoft earlier last month, and the company has already issued a patch to fix the vulnerability. Vulnerability Lab has confirmed that “in Skype v7.37 the vulnerability is patched”. If you are one of the millions that use Skype, it is highly recommended that you update to protect yourself from this exploit. If you are unsure of how to update your version of Skype, steps can be found here.

Sebastian Eifrid, 2017-06-30 (Update: 2017-06-30)