A serious vulnerability has been discovered in Skype, Microsoft's most popular free web messaging and voice calling service, that could allow attackers to gain full control of the host machine by granting system-level privileges to a local, unprivileged user.
The worst part is that this vulnerability will not be patched by Microsoft anytime soon.
A vulnerability in Skype for Android allows an unauthenticated attacker to view photos and contacts, and even open links in the browser, a security researcher has discovered.
Found by Florian Kunushevci, a 19-year-old researcher from Kosovo, the vulnerability requires the attacker to have physical access to the target device. Next, they would need to receive a Skype call and answer it, which would then allow them to access user data even if the device is locked.
Normally, with the device locked, a user should not have access to data such as photos and contacts without authenticating with a password, a PIN, a lock-screen pattern, or a fingerprint.