Feeds

Skype update plugs critical bug

On the QT

Intelligent flash storage arrays

Users running older versions of Skype risk attack from a newly disclosed vulnerability.

A boundary error involving the Skype4COM URI handler creates a buffer overflow risk. This, in turn, provides a means for hackers to attack users running vulnerable versions of Skype who visit maliciously-constructed websites.

The vulnerability is confirmed in Skype 3.5.0.239. Other versions of the popular VoIP package prior to 3.6.0.216 may also be affected.

Details of the flaw were reportedly submitted to Skype in early November. Skype released an update in mid-November that touted higher video quality. It also fixed the security bug, a point Skype itself neglected to mention. Information on the vulnerability only emerged following an advisory from security tools vendor Tipping Point late last week. ®

Internet Security Threat Report 2014

More from The Register

next story
Knock Knock tool makes a joke of Mac AV
Yes, we know Macs 'don't get viruses', but when they do this code'll spot 'em
Feds seek potential 'second Snowden' gov doc leaker – report
Hang on, Ed wasn't here when we compiled THIS document
Why weasel words might not work for Whisper
CEO suspends editor but privacy questions remain
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
BlackEnergy crimeware coursing through US control systems
US CERT says three flavours of control kit are under attack
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
Simplify SSL certificate management across the enterprise
Simple steps to take control of SSL across the enterprise, and recommendations for a management platform for full visibility and single-point of control for these Certificates.