Hacker claims Skype still vulnerable
An Armenian hacker is claiming that Skype has failed to learn from prior security lessons, falling victim to a cross-site scripting (XSS) vulnerability similar to one it patched in May. The flaw would allow users to redirect victims to unwanted websites or run arbitrary code.
The May vulnerability allowed users to fool the Mac client of Skype into running arbitrary code, as the client didn't check, or sanitise, instant messages to ensure they were free of malicious code.
While Skype issued a low-priority patch at the time, a 28-year-old Armenia-based security engineer, Levent "noptrix" Kayan, claimed on Wednesday night that a similar XSS vulnerability existed elsewhere in Skype's software. He said that the failure to sanitise certain user information or the output rendered in Skype clients could still allow code to be executed.