
Skype can't fix a nasty security bug without a massive code rewrite


Security researchers have discovered a major security flaw in Skype, and this loophole could allow cybercriminals to gain complete control of computers. But DLL hijacking isn't limited to Windows, he said, noting that it can apply to Macs and Linux, too.

This looks to be a major concern and a big defect. From what The Inquirer has been able to find out, Microsoft will not be releasing a patch for vulnerable versions but will instead release a new version at some point, without the vulnerability baked in.

To be clear, this security flaw only affects the Skype for desktop app (not the Skype UWP app on Windows 10 PCs), which uses its own update installer that is vulnerable to this DLL hijacking technique. The hacker would simply need to put a fake DLL into a user-accessible temporary folder, giving it the name of an existing DLL that could be modified by anyone without system access.
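Defenders can look for this pattern in image-load telemetry: a DLL whose name matches a system DLL but which is loaded from a user-writable folder. The sketch below is an added example, not code from the article or from Microsoft; the record shape follows Sysmon Event ID 7 fields, and the paths, the `Updater.exe` name and the DLL-name set are constructed assumptions.

```python
import ntpath  # parses Windows paths on any OS

# Constructed sample: names of DLLs that ship in C:\Windows\System32.
# In practice, build this set by listing that directory on a reference host.
SYSTEM_DLL_NAMES = {"version.dll", "winhttp.dll", "cryptbase.dll"}

# Path fragments treated as user-writable (assumption; extend per environment).
USER_WRITABLE_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\",
                         "\\users\\public\\")

# Constructed image-load records shaped like Sysmon Event ID 7.
PROC = r"C:\Users\alice\AppData\Local\Temp\SKY1A2B\Updater.exe"
SAMPLE_EVENTS = [
    {"Image": PROC, "Signed": "false",
     "ImageLoaded": r"C:\Users\alice\AppData\Local\Temp\SKY1A2B\VERSION.dll"},
    {"Image": PROC, "Signed": "true",
     "ImageLoaded": r"C:\Windows\System32\version.dll"},
    {"Image": PROC, "Signed": "true",
     "ImageLoaded": r"C:\Users\alice\AppData\Local\Temp\SKY1A2B\updater_res.dll"},
]

def in_user_writable_dir(path):
    """True if the path lies under a folder an unprivileged user can write to."""
    lowered = path.lower()
    return any(marker in lowered for marker in USER_WRITABLE_MARKERS)

def is_suspicious_load(event):
    """Flag a system-DLL name loaded from a user-writable location."""
    loaded = event["ImageLoaded"]
    name = ntpath.basename(loaded).lower()  # Windows file names are case-insensitive
    return name in SYSTEM_DLL_NAMES and in_user_writable_dir(loaded)

def find_hijack_candidates(events):
    """Return flagged events, unsigned loads first (highest priority)."""
    hits = [e for e in events if is_suspicious_load(e)]
    return sorted(hits, key=lambda e: e.get("Signed", "false") == "true")

if __name__ == "__main__":
    for hit in find_hijack_candidates(SAMPLE_EVENTS):
        print(f"{hit['Image']} loaded {hit['ImageLoaded']} (signed={hit['Signed']})")
```
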

However, this is not the first time such an issue has been brought to light.




Security researchers had warned Microsoft about the flaw back in September 2017, following which the tech giant reproduced the issue on its own computers. German security researcher Stefan Kanthak discovered the vulnerability, and it seems that the issue cannot be patched easily and will require a "large code revision". This means that you will need to wait for the next update for the issue to be fixed.

Skype might seem an unlikely app through which to target a user, because it runs with the same level of privileges as the local, logged-in user, making it hard for attackers to do much with that low level of access. Rather than patch the current client, Microsoft decided to put "all resources" into building an altogether new Skype client that would overcome the vulnerability. The current version will gradually be phased out.
