On February 12, ZDNet published a conversation with an independent IT security specialist Stephen Cantak. He reported a dangerous vulnerability in Skype – with its help, attackers can seize full control over the device on which the device is running.
According to the expert, the widespread method is based on the widespread adoption of malicious DLL-, dylib- or DSO-library files (in Windows, macOS and Linux operating systems, respectively). With it, you can fool the application and introduce malware.
An attacker can download a malicious DLL file to a temporary directory with user rights, and then assign the same file the name of another really existing document. Before this same method, the executable file responsible for updating Skype is also vulnerable.
Kantak contacted the developers of Skype in September 2017. They reproduced the problem described by the expert, but noticed that removing it would require too much processing of the application code. They added that they will not release a separate update to eliminate the vulnerability, but will close it in the next version of the messenger.