Skype has now admitted there was a vulnerability in the Mac client:
This vulnerability, which they (Pure Hacking) blogged about earlier today, is related to a situation when a malicious contact would send a specifically crafted message that could cause Skype for Mac to crash. Note, this message would have to come from someone already in your Skype Contact List, as Skype’s default privacy settings will not let you receive messages from people that you have not already authorized, hence the term malicious contact.
Adrian Asher from Skype has responded on the company’s blog:
At the time they alerted us, we were already aware of the issue and were working on a fix to protect Skype users from this vulnerability, as we take our users’ security very seriously. We subsequently released a hotfix for this problem in a minor update (Skype for Mac version 5.1.0.922) on April 14th. As there were no reports of this vulnerability being exploited in the wild, we did not prompt our users to install this update, as there is another update in the pipeline that will be sent out early next week.
Next week’s patch will include additional updates and bug fixes and Mac Skype users will be prompted to update their software. Windows and Linux clients are unaffected by this vulnerability.
Skype should have admitted the problem earlier, now they’re doing damage control.
