Jump to content

Latest version of Skype susceptible to malicious code injection flaw


nsane.forums

Recommended Posts

nsane.forums

The latest version of Skype contains dangerous flaw, which could allow malicious injection of HTML/JavaScript code into a user’s phone session.

h0k4g.png

According to a German security researcher, the latest version of Skype contains dangerous flaw, which could allow malicious injection of HTML/JavaScript code into a user’s phone session.

Based on an advisory published on Wednesday, the researcher claims that:

An attacker could for example inject HTML/Javascript code. It has not been verified though, if it’s possible to hijack cookies or to attack the underlying operating system. Attacker could give a try using extern .js files…

Skype’s comments:

“We have had this reported to us by various media outlets and have confirmed that the person is mistaken, this is not a web window and while it does cause a phone number to be underlined, does nothing other than this,” spokeswoman Brianna Reynaud wrote in an email.

However, the researcher said that the unsafe content is displayed when users view a booby-trapped profile, which works by inserting a JavaScript command or web address where a phone number is expected, since the entries in (home, office and mobile phone and city) are embedded via HTML.

view.gif View: Original Article

Link to comment
Share on other sites


  • Views 1.2k
  • Created
  • Last Reply

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...