ID: IRCNE2011081226
Date: 2011-08-24
According to “ZDNET”, a German security researcher caimed the latest version of Skype contains dangerous flaw, which could allow malicious injection of HTML/JavaScript code into a user’s phone session.
Based on an advisory published on Wednesday, the researcher claims that:
An attacker could for example inject HTML/Javascript code. It has not been verified though, if it’s possible to hijack cookies or to attack the underlying operating system. Attacker could give a try using extern .js files…
Skype’s comments:
“We have had this reported to us by various media outlets and have confirmed that the person is mistaken.”
However, the researcher said that the unsafe content is displayed when users view a booby-trapped profile, which works by inserting a JavaScript command or web address where a phone number is expected, since the entries in (home, office and mobile phone and city) are embedded via HTML.
- 2