Security researchers have discovered a flaw in Skype that could enable hackers to run code on a target system, phish for credentials and crash applications. Kyle Wilhoit, Senior Security Researcher at DomainTools commented below.
Kyle Wilhoit, Senior Security Researcher at DomainTools:
On the local machine, the nastiest option available to attackers is code execution (leveraging the legitimate the Skype service). This would allow an attacker to escalate local privileges, embed backdoors, and possibly move laterally in the network.
In order to mitigate such attacks, you should make sure your applications are up to date. Make sure Skype is fully patched to help mitigate this threat. (A patch has been released for this vulnerability).”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.