Microsoft recently fixed a vulnerability in its video chat and messaging app Skype that could have allowed an attacker to execute code on the system it was running on, phish Skype credentials and crash the application.
Zacharis Alexandros, an independent researcher who’s also with the ?European Union Agency for Network and Information Security a/k/a ENISA discovered the vulnerability in January. He publicly disclosed the issue, an attack he calls “SPYKE,” on Friday, via his personal LinkedIn page.
The vulnerability, Alexandros says, was mostly an issue for Windows versions of Skype installed on public machines, such as libraries, airports, or on smart televisions. An attacker would need local access to the login screen of the app in order to exploit it, he said.
Full Article