Security researchers have unearthed a major security loophole in Skype which could potentially allow hackers complete control of computers. The problem could lead to systems being compromised on the Mac, Windows, and Linux platforms. Despite it being a big flaw, Microsoft is reportedly not planning to fix the issue anytime soon.
The Mac Observer points out that Microsoft is not planning to close the backdoor because it requires rewriting of the entire app update installer. As the report explains, the security flaw is related to the app update installer, and if exploited can allow malicious users gain the administrator-level access to affected systems.
The security flaw can be exploited even if the victim is logged into their computer as a standard user. Once trespassed, hackers could potentially copy or delete critical files, install rogue apps, access confidential information, and do pretty much anything possible to the infected system.
Security researchers had warned Microsoft about the flaw back in September 2017. The company was able to reproduce the issue on their own computers. However, as researcher Stefan Kanthak notes, the company has decided to treat the bug in the newer version of Skype rather than issue a security update.
The reason quoted is, “the installer would need a large code revision to prevent DLL injection.” This basically means, for now the Skype vulnerability stays untreated. In the same response, Microsoft promises to develop and ship a newer version of the client. The current version will then be slowly deprecated.