A couple of days ago, security vulnerability for Skype was discovered by Levent Kayan, a Berlin-based security researcher. What he had discovered was this exploit which allowed malicious hackers to enter a string of JavaScript code into the “mobile phone” field for that user, and the minute that user logs on, the hacker would be able to trigger the program, allowing the hacker access to the user’s Skype account and possibly even the computer they are using Skype on.Skype has since acknowledged the issue, although they seem to be downplaying it by calling it a “minor issue”. They claim that the issue only affects “top contacts”, which means that in order for the hacker to exploit the bug, they would have to be someone who communicates on a regular basis with their target, and would require both users to be online at the same time.
Skype’s spokesperson Chaim Haas was quoted as saying, “As you can imagine, someone who you deal with frequently is probably unlikely to take advantage of this bug anyways.” The bug was also claimed to just affect Windows users only, but Kayan responded by apparently confirming that Mac and Linux versions of Skype were affected as well.
Personally we don’t see how a bug that could potentially give a hacker access to another person’s computer can be considered a “minor issue”, but the good news is that Skype will be issuing an update some time this week to address that problem, so keep an eye out for that!
If you want to see how Kayan exploits the bug and causes a window to popup on another computer, check out the video below.