Skype patches medium-risk security hole

Skype logoGiven the hype around Skype, I will not at all be surprised to see media attention paid over the next few days to Skype’s new security bulletin about a vulnerability in the way files are transferred in IM by the Windows Skype client.  From the bulletin, it appears that an attacker could craft a URL in such a way that it could initiate a file transfer to a Skype user.  But, the attacker has to be on the recipient’s approved sender list or trick the recipient into following the URL.  Given that, it makes sense that they only rate it as a medium.  As this has nothing to do with voice, why am I writing about it here?  Well, simply because it is Skype and I expect to see people talking about it.  The fix is of course to simply upgrade to the newest versions.

More information is available at the Skype security blog and in a Network World article.