Original URL: http://www.theregister.co.uk/2006/10/04/skype_mac_security_update/

Skype patches Mac OS X flaw

Calling out for an update

By John Leyden

Posted in VoIP, 4th October 2006 15:01 GMT

Skype has released an update for its Mac software following the discovery of a security vulnerability that created a means to compromise Apple PCs running the popular IP telephony application.

The security bug stems from a format string error in the Skype URI handler. The flaw creates a potential means for hackers to create a maliciously constructed Skype URL which, if followed, might allow them to inject hostile code onto vulnerable systems.

The security bug affects Skype versions prior to 1.5.0.80. Users are advised to upgrade to this version of the software, as explained in an advisory by the firm here. The bug was discovered by security researcher Tom Ferris.

In related news, Apple released a security update designed to address multiple vulnerabilities in Mac OS X (some of which have become the target of hacker exploitation) last weekend. Security notification firm Secunia has published a useful overview of these various vulnerabilities here. ®