, an Australian security firm, has revealed the existence of a flaw
in a Skype
URI (Uniform Resource Identifier) type that could potentially allow hackers to make file transfers on affected machines. In order to prevent malware writers from successfully exploiting this flaw, and creating relevant malware, Security-Assessment.com worked with Skype to find a solution to the problem first, before the flaw could be exploited; news was kept quiet until a solution was found. Skype seemingly have a patch now.
The flaw is not that easy to exploit. Seemingly, in order for an attack based on the flaw to be carried out, an attacker must authorise the target on his or her contact list, which doesn't require authorisation from the target, and then get the target to visit a website under the attacker’s control. Further to this, the attacker must also know the location of whatever files he or she wants from the victim's machine. Perhaps this might be used to read the user's Skype config file, or to gain access to some operating systems files that could facilitate further attacks.
More information may be found here