Last Friday, Skype issued a statement on its security blog to notify Skype for Mac users (18.104.22.1682) about a hotfix released on April 14. This manual update will deal with security issues raised by a Skype for Mac 5.x zero-day vulnerability. All previous versions remain vulnerable.
Skype will push a related update to Mac users during the week. “This new update will include some additional updates and bug fixes,” says Adrian Asher, Skype’s Chief Information Security officer in the blog post. “This vulnerability is related to a situation when a malicious contact would send a specifically crafted message that could cause Skype for Mac to crash.”
Explaining the severity of this vulnerability, Maddern writes “An attacker needs only to send a victim a message, and they can gain remote control of the victim’s Mac. It is extremely wormable and dangerous.”