Photo by Amelia Holowaty Krales / The Verge
Microsoft is reportedly dragging its feet on fixing yet another security vulnerability. This time, it’s a flaw in the Skype mobile app that could let hackers obtain your IP address by opening a message with a link — no clicking required, according to a report from 404 Media.
The flaw, which was uncovered by the independent security researcher Yossi, allows hackers to see a user’s general location by having them open a message containing a link. While Yossi told Microsoft about the flaw earlier this month, 404 Media reports that the company only promised to issue a patch after the outlet reached out.
To attest to the severity of the flaw, it doesn’t seem to matter what website the link takes you to. The researcher demonstrated the flaw…