Security hole plugged in Skype for Mac

Flaw in how Net phone software handles Web links could enable an attacker to launch arbitrary code on some Macs.

Skype on Tuesday issued an update that fixes a serious security flaw in its Internet telephony software for Apple Computer's Mac OS X.

A vulnerability exists in the way Skype for Mac handles Web links, according to a Skype advisory. An attacker could construct a malformed Skype link which, when clicked on, can cause the application to crash or allow a system to be compromised.

"A user of Skype for Mac who follows a specially crafted URL may experience a crash of the Skype software and possibly may execute arbitrary code without consent," the company said in its advisory. The Net telephony provider, part of online auction giant eBay, deems the issue "high" risk.

A miscreant could publish a malformed Skype link on a Web site, for example, and try to trick someone into following it, the company said.

The vulnerability exists in Skype for Mac releases prior to and including 1.5.*.79. It has been fixed in release 1.5.*.80 or later, which was available for download on the Skype Web site on Tuesday.

Featured Video
This content is rated TV-MA, and is for viewers 18 years or older. Are you of age?
Sorry, you are not old enough to view this content.

Details about Apple's 'spaceship' campus from the drone pilot who flies over it

MyithZ has one of the most popular aerial photography channels on YouTube. With the exception of revealing his identity, he is an open book as he shares with CNET's Brian Tong the drone hardware he uses to capture flyover shots of the construction of Apple's new campus, which looks remarkably like an alien craft.

by Brian Tong