Skype Patches VoIP Vulnerability
vulnerability Mac OS VoIP client
The flaw, which Skype rated as "high" and Danish vulnerability tracker Secunia pegged as "highly critical," is in how the Internet telephony application processes Web addresses. According to the Skype security advisory, an attacker could create a malformed URL, then send that to a Skype user who, after clicking on the link, would either see Skype crash or have his Mac hijacked.
All Mac Skype clients versions 1.5.*.79 and earlier are vulnerable. Windows and Linux editions are unaffected.
Skype 1.5.*.80, which patches the vulnerability, was released Tuesday. It can be downloaded from the Skype Web site.
Skype is no stranger to security updates. It patched serious flaws in its VoIP software in November 2004, October 2005, and May 2006.