Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    August 2014
    S M T W T F S
    « Jul    
     12
    3456789
    10111213141516
    17181920212223
    24252627282930
    31  
  • About Us

    Feb5
    1:59 am (UTC-7)   |    by

    A recently released patch from Skype issued to address a flaw connected to its SkypeFind feature is insufficient, according to the security researcher who found it.

    Aviv Raff, who also discovered the cross-zone scripting vulnerabilities, warned that the VoIP platform of the SkypeFind application is still not secure. It is reported to use VoIP in letting users recommend businesses or post reviews. An attack to this flaw may involve malicious code injected into the “full name” field of an attacker’s Skype account. When any of the businesses reviewed using the said malicious account is viewed by a user in the SkypeFind dialog, malicious script will be executed on the user’s system.

    Though Skype dismissed the flaw in its security notice as not a very alarming one, Raff disagrees. In this report from The Register, he warns that there are probably other ways to inject a malicious script into the SkypeFind dialog. He also advised users to disable the said feature until a more sufficient patch has been provided.





    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon




    Comments are closed.



     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice