Are you a frequent user of Skype? If so, you might want to rethink your usage. Luckily, there are several good, much more secure, alternatives. ZDNet reports that a security flaw in Skype’s updater process can allow an attacker to gain system-level privileges to a vulnerable Windows computer. If the bug is exploited, it “can escalate a local unprivileged user to the full ‘system’ level rights — granting them access to every corner of the operating system.” What’s worse is that Microsoft, which owns Skype, won’t fix the flaw because it would require the updater to go through “a large code revision.”
Luckily, the security apparently only affects Windows systems, not Macintosh or Linux or handheld devices. The bug uses a DLL hijacking technique. Luckily, DLL files are Windows-specific and are not used in the other operating systems.
Details may be found at http://www.zdnet.com/article/skype-cannot-fix-security-bug-without-a-massive-code-rewrite/.
Categories: Online Privacy & Security