- A security researcher discovered a flaw in the Android version of Skype that allows access to user data even if the phone is locked
. Theflaw allows unauthenticated local attacker view photos, contacts and access browsers.
- The flaw was discovered by security researcher Florian Kunushevci.
- Microsoft fixed the flaw in the Android skype version released on December 23
Security researchers have discovered a critical flaw in the Android version of Skype that allows attackers to view photos and contacts.
The vulnerability was discovered by Security researcher Florian Kunushevci and allows the attacker to access data in user device even if the phone is locked.
The vulnerability could be exploited by an unauthenticated local attacker to view photos, contacts, access browsers and open others apps through the browser.
“A new vulnerability that I found on Skype has been fixed that affected millions of Android devices around the world that uses Skype. The new update you will find from 23 December 2018” said in the post published by the researcher in LinkedIn.
The Researcher said the flaw was due to a code error in skype which allows unauthorised access to attackers.
The flaw was discovered by the researcher in October and notified it to Microsoft. Microsoft addressed the issue in the new version of Skype released on December 23.
Android Users are advised to update their Skype to the latest version available. The researchers also published a PoC video of the vulnerability which is shown below:
You may be interested in reading:New Variants of Shamoon Disk-Wiping Malware Uploaded to VirusTotal