Skype patches critical flaws
Update your software now.
By Robert McMillan, IDG News Service | Published: 10:12, 26 October 2005
Skype has put out a critical update to its telephony software following the discovery of a number of critical flaws.
If exploited, two of the flaws could allow attackers to take over a Skype user's system, the company said in an advisory. These flaws affect a number of Windows versions of the software, ranging from version 1.1 to 1.4.
The first would work by tricking a Skype user into clicking on a specially crafted URL, while the second would require a Skype user to import a malicious vCard - the electronic business card format used by some e-mail programs.
Security research firm Secunia has rated the flaws "highly critical", and listed a third type of error, which affects Mac OS and Linux clients as well, that could be exploited to crash the Skype client. The Secunia advisory also tells users to update to the latest version of the software.
Though it has not been the target of a widespread attack to date, Skype has a number of characteristics that make it increasingly attractive to attackers, said Tom Newton, a product development manager with firewall vendor SmoothWall.
"It's difficult to control from a network administrator point of view, and we're left with an extremely homogenous environment," he said. "Once everybody is running the same code, it becomes much more profitable for miscreants and wrongdoers to affect our computers."
Skype Technologies says there are now 61 million registered Skype users.