nsane.forums Posted August 23, 2011 Share Posted August 23, 2011 The latest version of Skype contains dangerous flaw, which could allow malicious injection of HTML/JavaScript code into a user’s phone session.According to a German security researcher, the latest version of Skype contains dangerous flaw, which could allow malicious injection of HTML/JavaScript code into a user’s phone session. Based on an advisory published on Wednesday, the researcher claims that: An attacker could for example inject HTML/Javascript code. It has not been verified though, if it’s possible to hijack cookies or to attack the underlying operating system. Attacker could give a try using extern .js files… Skype’s comments: “We have had this reported to us by various media outlets and have confirmed that the person is mistaken, this is not a web window and while it does cause a phone number to be underlined, does nothing other than this,” spokeswoman Brianna Reynaud wrote in an email. However, the researcher said that the unsafe content is displayed when users view a booby-trapped profile, which works by inserting a JavaScript command or web address where a phone number is expected, since the entries in (home, office and mobile phone and city) are embedded via HTML. View: Original Article Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.