Secunia warns of 'highly critical' Skype flaw

Updating to the latest version of Skype for Mac OS X solves a "highly critical" vulnerability that could lead to the remote execution of arbitrary code, vulnerability monitoring firm Secunia said Monday in an advisory.

The flaw in the free voice over IP (VoIP) service, reported by security researcher Tom Ferris, is triggered by a malformed URL that, if followed, could lead to a user's system being compromised.

According to a Skype bulletin, "this behavior is due to incorrect handling of arguments passed to a function in the Skype URI (uniform resource identifier) handler that initializes an alert panel."

A URI is a short text string that describes a resource on the internet. URLs are a type of URI.

"The attack requires the targeted user to manually follow a specially crafted malformed link, such as on a web page," the bulletin added. "Depending on several factors, doing so may result in an application crash, possibly succeeded by the execution of arbitrary code."

Users are encouraged to update to Skype for Mac 1.5.80, which can be downloaded from the VoIP service's website.

Click here to email Dan Kaplan.
