As we mentioned Saturday, a critical vulnerability in the Skype 5 client for Mac could have exposed your machine to attack from malicious contacts (the vector for attack is an instant message, which you only can receive by default from people you already ‘trust’ in Skype). With no exploit active in the wild, the Skype Mac team patched the application to close the hole back on April 14 but did not push out the update to all users.
As of today, there’s a new hotfix (5.1.0.935) that is being provided for all Skype 5 users; it closes the security holes and also fixes a few bugs, including video issues on high-bandwidth networks. Skype recommends that all users update to the new build.
As John Gruber noted, the older 2.8 version of Skype (preferred by many for aesthetic reasons) was never affected by the vulnerability.
Thanks to Chasapple for the heads-up.
Skype pushes update to Mac client for security flaw originally appeared on TUAW on Mon, 09 May 2011 14:35:00 EST. Please see our terms for use of feeds.
Source | Permalink | Email this | Comments