Skype says persistent CSS is a 'minor vuln', fix coming this week
A couple of days ago, a security vulnerability for Skype was discovered by Levent Kayan, a Berlin-based security researcher. What he had discovered was this exploit which allowed malicious hackers to enter a string of JavaScript code into the “mobile phone” field for that user, and the minute that user logs on, the hacker would be able to trigger the program, allowing the hacker access to the user’s Skype account and possibly even the computer they are using Skype on.
Skype has since acknowledged the issue, although they seem to be downplaying it by calling it a “minor issue”. They claim that the issue only affects “top contacts”, which means that in order for the hacker to exploit the bug, they would have to be someone who communicates on a regular basis with their target, and would require both users to be online at the same time.
Skype’s spokesperson Chaim Haas was quoted as saying, “As you can imagine, someone who you deal with frequently is probably unlikely to take advantage of this bug anyways.” The bug was also claimed to just affect Windows users only, but Kayan responded by apparently confirming that Mac and Linux versions of Skype were affected as well.