Skype has released an update for its Mac software following the discovery of a security vulnerability that created a means to compromise Apple PCs running the popular IP telephony application.

The security bug stems from a format string error in the Skype URI handler. The flaw creates a potential means for hackers to create a maliciously constructed Skype URL which, if followed, might allow them to inject hostile code onto vulnerable systems.

The security bug affects Skype versions prior to 1.5.0.80. Users are advised to upgrade to this version of the software, as explained in an advisory by the firm here. The bug was discovered by security researcher Tom Ferris.

In related news, Apple released a security update designed to address multiple vulnerabilities in Mac OS X (some of which have become the target of hacker exploitation) last weekend. Security notification firm Secunia has published a useful overview of these various vulnerabilities here. ®

Related stories

• Security researchers' accounts ransacked in embarrasing hacklash (13 August 2008)
• Patch Tuesday update triggered Skype outage (20 August 2007)
• Safari zero-day exploit nets $10,000 prize (20 April 2007)
• Hackers call on Skype to spread Trojan (20 December 2006)
• Brief Skype offers Brits free yak (23 October 2006)
• VoIP services are go (18 October 2006)
• US using more mobiles than landlines (10 October 2006)
• Vonage calls up USB key phone (5 October 2006)
• Skype malware scam targets Turkey (10 August 2006)
• 'Skype clone' surfaces in China (17 July 2006)
• Skype bug lets 'buddies' swipe files (24 May 2006)
• Skype uses peer pressure defense to explain China text censorship (20 April 2006)
• Analysis Skype explains why security evaluation omitted bug reports (7 November 2005)