Remember how Facebook with Skype integration was going to be “Something Awesome“? Well, it’s something alright — a wide-open back door to your computer.
The vulnerability surfaced after David Vieira-Kurz posted the proof-of-concept video above to the Secalert website. Apparently, he had “found a few security issues which makes it possible to hijack a Skype Session and compromise a user’s system due to a lack output sanitisation”. The victim does not need to be on either the attacker’s FB friends list or Skype contact list for the exploit to work. According to ZDNet, the flaw has been independently verified (though details regarding how thw hack actually work remain scarce) but neither Skype nor Facebook has yet confirmed the findings. [Secalert via ZDNet]