At last - Skype plugs critical cross-zone scripting hole

Good to see that Skype has at last patched a critical vulnerability that allegedly forced the firm the nix several features from its Internet telephony and chat software to prevent attackers from hijacking Windows PCs.

In a security advisory issued last week, Skype said it fixed the underlying flaw publicised by Israeli researcher Aviv Raff last month.

The flaw - which Raff calls a cross-zone scripting bug - was reported to be exploitable using rigged video files that leveraged a security flaw in the way Skype rendered HTML code.

Reaction to the fix hasn't been all positive, however, as Raff is quoted on several newswires as saying he doesn't exactly give it the general thumbs up, as he is still waiting for answers to specific security questions.

Pynters can download the patched edition of Skype - Version 3.6.0.248 for Windows - from the main Skype Web site here...