updated 06:50 pm EDT, Mon May 9, 2011
Also resolves video freezing issue, other bugs
VOIP telephony company Skype has released an official update correcting a serious security issue in their most current version of Skype for Mac, a problem that could have been exploited by an attacker to remotely take control of the computer. New version 18.104.22.1687, available directly from the company or through the program's own update mechanism, closed the security hole and also resolves other minor bugs, including an issue of video "freezing" in high packet-loss situations.
The vulnerability in the Mac version of Skype was reported last week by security researcher Gordon Maddern, who called it a very "wormable" and "extremely dangerous" issue, a charge the company downplayed by pointing out that only someone on a user's own contact list could send the maliciously-crafted message that would allow remote access. The vulnerability was not found in the Windows or Linux version, and Maddern did not say if the problem existing in the older (version 2.x) editions of Skype still in wide use due to the user perception that version 5 took up too much screen space and was generally perceived as uglier.
The company had already issued a "hotfix" in-network before Maddern's discovery became public, but he points out that he had contacted Skype to alert them of the issue nearly a month before publishing his report. The update is recommended for all users of version 5.x of Skype for Mac, which requires OS X 10.5.8 or later.