By Joris Evers, 4 October 2006 08:35
NEWS
Skype on Tuesday issued an update that fixes a serious security flaw in its internet telephony software for Apple's Mac OS X.
A vulnerability exists in the way Skype for Mac handles web links, according to a Skype advisory. An attacker could construct a malformed Skype link which, when clicked on, can cause the application to crash or allow a system to be compromised.
The company said in its advisory: "A user of Skype for Mac who follows a specially crafted URL may experience a crash of the Skype software and possibly may execute arbitrary code without consent." The VoIP provider, part of online auction giant eBay, deems the issue "high" risk.
A miscreant could publish a malformed Skype link on a website, for example, and try to trick someone into following it, the company said.
The vulnerability exists in Skype for Mac releases prior to and including 1.5.*.79. It has been fixed in release 1.5.*.80 or later, which was available for download on the Skype website on Tuesday.
Joris Evers writes for CNET News.com
In order to post a comment you need to be registered and logged in.
Log in or create your silicon.com account below