A Skype vulnerability can expose a user IP address, but Microsoft doesn't think it's that bad

A recent revelation by a security researcher indicates that hackers can obtain a target's IP address just by sending a link via the Skype mobile app. The recipient doesn't need to click the link or interact with the sender beyond opening the message for their IP address to be exposed. This could potentially reveal their general physical location.

The security researcher, Yossi, discovered the vulnerability and informed Microsoft about it earlier this month. However, according to 404 Media, Microsoft only committed to issuing a patch after the media outlet contacted them.

This potential security breach could pose a significant risk to various individuals including activists, political dissidents, journalists, and those targeted by cybercriminals. At the very least, an IP address can reveal the area of a city where someone is located. In less densely populated areas, an IP address can be even more revealing due to the smaller number of people that could be associated with it.

When Yossi reported the issue to Microsoft, the company responded on August 12th stating that the “disclosure of an IP address is not considered a security vulnerability on its own”. Microsoft further added that “Upon investigation, we have determined that this submission does not meet the definition of a security vulnerability for servicing which would require immediate servicing. This report does not appear to identify a weakness in a Microsoft product or service that would enable an attacker to compromise the integrity, availability, or confidentiality of a Microsoft offering.”

As of today, the vulnerability remains, and we're not sure when Microsoft plan to patch it.