Skip to main content

Another XSS security flaw discovered in Skype; taps Facebook integration

posted onAugust 1, 2011
by l33tdawg

A security researcher has discovered a potentially major security flaw in Facebook, apparently caused by the communication package/service's recently-launched close integration with Facebook.

According to David Vieira-Kurz of the SecAlert newswire, the Facebook integration has introduced a cross-site scripting (XSS) flaw into the Skype software, allowing the remote hijacking of a Skype session and potentially compromising a user's system.

This is, he claims, due to a lack output sanitisation and allows a victim to be attacked even if they are not a Facebook-friend or Skype contact of the attacker. Vieira-Kurz has posted a proof-of-concept video showing how the flaw can be exploited. According to security forum reports, the problem affects the Windows version of Skype from v5.3 onwards and stems from the extension of the Facebook API to the Skype client environment.

Source

Tags

Skype Security

You May Also Like

Recent News

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th

Friday, June 7th

Thursday, June 6th