Whether you are currently sitting in a cafe or at home, hackers know everything.
A vulnerability was discovered in the Skype mobile application that allows hackers to get the user's IP address when opening a message with a specific link, according to the publication 404 Media.
This flaw was identified by an independent security researcher named Yossi. A hacker can determine a user's general location by asking them to open a message with a link. 404 Media points out that, despite the fact that Yossi informed Microsoft about the problem at the beginning of the month, the company promised to release a fix only after the publication's request.
To demonstrate the vulnerability, Yossi showed how he was able to get the IP address of a 404 Media journalist, even when he was using a virtual private network (VPN). It didn't matter which site the link led to.
When Yossi reached out to Microsoft on August 12, he was told that " IP address disclosure alone is not considered a security vulnerability." After 404 Media contacted the company, Microsoft said it would fix the issue in a "future product update," without specifying a timeline.
Recall that Chinese hackers recently gained access to the US government's email via Microsoft Azure, which caused criticism of the company for its approach to security vulnerabilities. Earlier this month, the CEO of cybersecurity company Tenable, Amit Goran, accused Microsoft of "clear negligence", mentioning the company's delay in patching a critical vulnerability.
A vulnerability was discovered in the Skype mobile application that allows hackers to get the user's IP address when opening a message with a specific link, according to the publication 404 Media.
This flaw was identified by an independent security researcher named Yossi. A hacker can determine a user's general location by asking them to open a message with a link. 404 Media points out that, despite the fact that Yossi informed Microsoft about the problem at the beginning of the month, the company promised to release a fix only after the publication's request.
To demonstrate the vulnerability, Yossi showed how he was able to get the IP address of a 404 Media journalist, even when he was using a virtual private network (VPN). It didn't matter which site the link led to.
When Yossi reached out to Microsoft on August 12, he was told that " IP address disclosure alone is not considered a security vulnerability." After 404 Media contacted the company, Microsoft said it would fix the issue in a "future product update," without specifying a timeline.
Recall that Chinese hackers recently gained access to the US government's email via Microsoft Azure, which caused criticism of the company for its approach to security vulnerabilities. Earlier this month, the CEO of cybersecurity company Tenable, Amit Goran, accused Microsoft of "clear negligence", mentioning the company's delay in patching a critical vulnerability.
