Skype ha reso disponibile un aggiornamento, il 3.6.0.248, e la società raccomanda vivamente tutti gli utenti ad effettuare l’aggiornamento che risolve diversi bug del software.
La falla era stata scoperta da un ricercatore israeliano, Aviv Raff, e la vulnerabilità era stata denominata "cross-zone scripting bug".
Secondo Raff questa vulnerabilità poteva essere usata da qualsiasi hacker per eseguire un codice dannoso sulla macchina del malcapitato.
Raff dichiarò: "Skype utilizza un controllo integrato in Microsoft Internet Explorer per il rendering di pagine HTML visualizzate internamente od esternamente al client VoIP. Il problema è che Skype opera nella modalità Intranet locale di Internet Explorer ed è noto come a questo livello il comportamento delle pagine web non venga in alcun modo limitato".
Inoltre Raff ha individuato un’altra falla in SkypeFind.
Con questo
Questi i vari bugfix risolti:
- Skype cross-zone scripting vulnerability;
- Skype crashed sometimes when leaving groupchat;
- Skype crashed when current Skypename field was empty;
- Contacts were occasionally lost when synchronisation failed;
- MySpace tab was not reachable via keyoard navigation;
- Editing avatar resulted "Cannot focus a disabled or invisible window" error;
- It was not possible to answer second incoming call;
- Dynamic Content message overlaying contact list toolbar and group controls on reduced Skype window;
- Check update web link was incorrect;
- Call on hold image was wrongly displayed;
- USB webcam plugged in while on call did not allow to start video;
- It was not possible to open video settings panel while on video call;
- Skype crashed sometimes when expanding chat history;
- Presence were shown wrongly to conference call participants sometimes;
- Incorrect message was shown when when sender cancelled file transfer;
- Voice Mail greeting playes again when viewing profile;
- Wrong flag was displayes for Democratic Republic of the Congo;
- File Transfer relayed message was displayed after File Transfer had finished;
- Language name for Belarusian was wrong.