This vulnerability affects many versions of the Skype client for Windows. It can allow an attacker to download any file from the victim's computer without the user's permission. Skype rates the vulnerability as medium risk.
[Image: Skype blocked the security hole. Source: LabSolution]
According to Skype, the vulnerability comes from a bug in the way the Skype software handles URIs (Uniform Resource Identifiers), a standard technology that allows access to resources on the Internet.
However, to turn Skype users into victims, an attacker needs to build a fake website and trick users into visiting it, said Security-Assessment.com security expert Brett Moore, who discovered the flaw and made it public.
In addition, the attacker must know the location of the file he wants to steal, and must also add the victim's name to his contact list.
According to Moore, this vulnerability is present in all versions of Windows released so far. Users are advised to upgrade to Skype 2.5 (2.5.x.79 or later), as well as Skype 2.0 (2.0.x.105).
This is the first security bulletin Skype has released in the last 7 months. Last year, the company issued three security bulletins, two of which were rated high risk and one low risk.