Vulnerability in Skype allows accounts to be hijacked - Update
Source: Levent Kayan Popular VoIP software Skype contains a security issue which could enable an attacker to gain access to a contact's account. In a security advisory, Levent Kayan, who discovered the vulnerability, reports that in some cases it could even allow access to the user's system.
According to Kayan, Skype 220.127.116.11 (the current version) and earlier for Windows and Mac are affected. The Linux version is not affected. The H's associates at heise Security in Germany were able to reproduce the problem in version 18.104.22.168 under Windows 7 and Windows XP, although in some cases more than ten logons were required before the problem manifested itself – why this should be the case is unclear. Kayan reports that he has informed the vendor. No patch is available at present.
Update – Skype has now confirmed it is aware of the hole and has already developed a patch to be published within the next week. Skype provides a plausible explanation as to why the problem isn't immediately reproducible: to take advantage of it, the attacker must appear in the victim's list of frequent contacts. Skype classifies the issue as a lesser problem because an attacker is allegedly only able to display messages through Skype or redirect pages.