October 25, 2005 12:12 PM PDT

Skype flaws open computers to attack

Related Stories

eBay bets big on Skype

September 13, 2005

Skype plugs hole in VoIP software

November 15, 2004
Skype Technologies updated its popular Skype Internet telephony software on Tuesday to fix a pair of security bugs. The most serious flaw could allow an attacker to commandeer a user's PC.

That flaw, which is similar to a bug Skype fixed last year, affects only Skype for Windows. An attacker could exploit the flaw by crafting a special link and enticing a user to click on it. The flaw could also be exploited when importing user information from a malformed electronic business card, or VCARD, Skype said in an advisory.

A second vulnerability affects Skype on all platforms, but could only be exploited in a denial-of-service attack, Skype said in another advisory. Skype clients are available for Windows; Mac OS X v10.3 (Panther) or later; Linux; and Windows Mobile 2003 for Pocket PC, Skype said.

Security information aggregator Secunia rates the flaws "highly critical," one notch below its highest rating. The company uses the rating for remotely exploitable vulnerabilities that can lead to a system becoming compromised.

Skype was acquired by online auctioneer eBay in September. The client software has been downloaded more than 186 million times since its launch in August 2003 and 61 million people are registered to use the service, according to Skype's Web site. More than 3 million people use Skype simultaneously at any given time, the company said.

Skype on Tuesday released updated versions of its software for Windows, Mac OS X and Linux that do not contain the bugs. A fixed version of the application for Pocket PCs is forthcoming, according to Skype's security advisory.


Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot



RSS Feeds

Add headlines from CNET News to your homepage or feedreader.