Skype cross-zone scripting vulnerability now fixed
We recently disabled the ability to use Skype’s Live tab to download clips from the Dailymotion and Metacafe video galleries. We took this step as a cautionary measure after security researchers found a vulnerability in Skype 3.5 and 3.6 for Windows that would have allowed an attacker to execute arbitrary code on a Skype user’s Windows PC without their consent.
As we said in our post on January 18, the measure would be temporary. That is, until an official fix to the vulnerability would be made available. We are pleased to report that the core vulnerability has now been addressed and a fix is included in the latest build of Skype for Windows, 22.214.171.124.
For those who have upgraded to the latest build, we have now re-enabled video downloads from both Dailymotion and Metacafe. Users of older versions of Skype for Windows will not be able to access these video galleries and will need to upgrade.
Last but not least, we’d like to encourage all users to frequently upgrade their version of Skype. This helps ensure that the Skype experience is safer and more enjoyable.