13 Feb
2018
13 Feb
'18
3:58 a.m.
On Tue, 13 Feb 2018 16:03:44 +1300, Peter Reutemann quoted:
'... Skype uses its own built-in updater to keep the software up to date. When that updater runs, it uses another executable file to run the update, which is vulnerable to the hijacking.'
Auto-updaters seem to be a frequent case of reinventing the wheel and getting it wrong. IBM suffers from the same problem <http://www.theregister.co.uk/2018/02/12/notes_dll_impersonation_bug/>. Wonder why Windows cannot have a Linux-style integrated package-management system that solves this problem once and for all? Because vendors of third-party proprietary software would see it as a violation of their “intellectual property”.