Skype users are advised to upgrade their software in double-quick time after a security bug was reported late last week by a security researcher in New Zealand.
Rating the vulnerability as ‘medium risk’, Skype says that the bug affects several versions of the Skype client for Windows and could allow an evil attacker to download a file from an affected PC without permission.
It has to be said that it’s a little bit obscure – to get stung by this fella you’d first have to be tricked into visiting a nefarious Web page set up by the attacker, who would need to have already added the victim to his contact list.
Danish bug-tracking firm Secunia said that the “moderately critical” flaw was in Skype’s parsing of URLs, so a malformed link – sent in a Skype message, for example – could begin the transfer of a file without the victim’s consent.
The bug affects all releases of Skype for Windows up to and including version 2.0.x.104, as well as version 2.5.x.0 up to and including 2.5.x.78. Skype advised users to upgrade to Skype 2.5, release 2.5.x.79 or later, or Skype 2.0, release 2.0.x.105 or later.
A free upgrade is available online now (select ‘help’ and ‘check for update’ from the drop-down menu).
This is the first security bulletin issued by Skype in around seven months – good news for us as we use the program every day.