Recently, a new vulnerability came to light in Skype’s clipboard function that could spell big trouble for you.
The vulnerability works like this:
Hackers create a poisoned image file, and then copy and paste it from the computer’s clipboard into a Skype message window.
Once the image has been loaded onto the clipboard on both the hacker’s machine and the recipient’s, Skype experiences a stack overflow error which causes the application to crash. When that happens, it opens the door, enabling the hacker to execute additional, more damaging or compromising exploits that could lead to a complete loss of control of your system.
The worst part of all is that no user interaction is required for the hacker to create the conditions by which the additional attacks can be made against the target computer.
Microsoft, which bought Skype in 2011, rated this as a high-risk security vulnerability, with a CVSS score of 7.2. It affects versions 7.2, 7.35, and 7.36 of the messaging software on Windows XP, Windows 7 and Windows 8.
Fortunately, the company patched the vulnerability in Skype v7.37, so if it’s been a while since you’ve upgraded, now is the time.
This is an especially problematic vulnerability because of the sheer popularity of Skype as a messaging platform. Not only is it used by millions of people around the world, but it’s becoming an increasingly popular communications tool in the enterprise setting.
As ever, vigilance is the order of the day, and one of the keys to remaining vigilant is to make sure all the software on your various devices is up to date and fully patched.