[ news_security_news ]
Skype Issues Patch For URI Flaw
SecurityProNews
Staff Writer
2006-05-30
 Insider Reports RSS Feed
A flaw in the Windows-based Skype client was identified by Australian security firm Security Assessment last week that allows a hacker to transfer files from a Skype-user's computer. The flaw was not announced, however, until Skype could issue a patch.
The flaw allowed access to users' computers through a vulnerability in the URI (uniform resource identifier) in Internet Explorer. Attackers could use exploit the flaw by authorizing the victim (adding to hacker's contact list) and the luring the contact to a controlled website. The attacker would then need to know the exact location of the file on the victim's PC to extract it.
The warning was issued for all Window Skype releases prior to and including 2.0*.104, release 2.5*.0 to and including 2.5*.78. Skype issued an official fix for the problem and advises clients to download software directly from Skype's website, from one of Skype's authorized partners, or from a reliable mirror site.
Though safe downloads may be made from other locations, the company says it is particularly important that you verify the authenticity of the download. The patch and download instructions can be found here.
About the Author:
SecurityProNews is a daily online and email publication focusing on internet security issues.
More news_security_news Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
