Microsoft’s Skype app has been around for a very long time, but it seems that Microsoft could soon be forced to rewrite the app from scratch, thanks to a recently discovered bug which, if exploited, could allow an attacker to gain system-level access to the target’s computer through the Skype installer.
This was discovered by security researcher Stefan Kanthak, who found that the installer could be exploited via the DLL hijacking technique. This allows the attacker to trick the app into loading malicious code instead of the correct library. Kanthak told ZDNet that while the attack is “clunky”, it can be easily weaponized and that there are multiple ways to go about it.
This not only affects Windows computers, but apparently can be applied to Macs as well. By gaining system-level access to the computer, the attacker could steal files, delete data, or even install ransomware. When Microsoft was informed about the bug last September, the Redmond company told Kanthak that issuing a fix would require a “larger code revision”.
They also stated that if and when a fix were to come, it would arrive in a “newer version” of Skype rather than through a security update, and that Microsoft is putting “all resources” into building a brand new client, although exactly when that new client will be released is anyone’s guess.