0day vulnerability in Skype for Mac OS X

    Gordon Mudder said that more than a month ago he discovered a vulnerability in the official Skype client for Mac OS X that could allow arbitrary code to be executed. To carry out an attack, it is enough to send a specially formed message.

    Despite the fact that the program developers were provided with all the details of the vulnerability, the patch has not yet been released, so be careful.

    Details of the vulnerability have not been disclosed.

    UPD : andoriyu pointed to the poston the Skype Developers Blog. It turns out that the hotfix (v. 5.1.0.922) was released on April 14 and is available for download from the site, but because they did not receive messages that this bug was being used somewhere, it was decided to roll it out as a minor update, because of which the client did not give a message about the new version. It’s interesting if someone starts using this bug before the release of a “full-fledged” new version, after what time do developers learn about it and how many computers will have time to suffer?

    Also popular now: