Internet, Web and Technology updates
Latest Skype,s programming mistakes. The various code could be injected or attacked
German security has told that the new version of skype has some dangerous flaw, that could allow malicious injection of HTML and JavaScript code during the user,s phone session.
It based on an advisory publishes on WED, they claimed that:
An attacker could for example inject HTML/JavaScript code, it has not been verified though, if it,s possible to hijack cookies or to attack the underlying operation system. Attacker could give a try extern .js files…
Skype,s reply
“We have had this reported to us by various media outlets and have confirmed that the person is mistaken, this is not a web window and while it does cause a phone number to be underlined, does nothing other than this,” spokeswoman Brianna Reynaud wrote in an email.
According to a German security researcher, the latest version of Skype contains dangerous flaw, which could allow malicious injection of HTML/JavaScript code into a user’s phone session.
owever, the researcher said that the unsafe content is displayed when users view a booby-trapped profile, which works by inserting a JavaScript command or web address where a phone number is expected, since the entries in (home, office and mobile phone and city) are embedded via HTML.
Related posts:
Related posts:
| Print article | This entry was posted by yasoobee on August 24, 2011 at 7:30 am, and is filed under General. Follow any responses to this post through RSS 2.0. You can leave a response or trackback from your own site. |