Voice over IP firm Skype has warned of a security bug in versions of its product for Windows that could give an attacker access to the user’s files.
The vulnerability allows hackers to build a hyperlink that could transfer a file to another Skype user if the victim clicks on the link. In a security bulletin, Skype said the vulnerability was “medium” risk.
Any file transfer would be “accompanied by the normal Skype file transfer dialogue”, the security bulletin said. File transfers would be visible to the user and could be stopped by selecting the “Cancel” option.
The VoIP firm has released an updated version of Skype with a fix for the bug.
Skype, owned by online auction firm eBay, has been pushing further into both the consumer and business markets. This month has seen Skype launch an interpreting service in 150 languages and a tie-up with Sainsbury’s that will put its prepayment vouchers on sale at checkouts across the country.
But chief security officers at two City banks warned earlier this month that VoIP technology was not yet secure enough for major business use.