If you own a Mac with a version of Skype later than 5, you may be at risk from a dangerous worm that could take control of your entire system. The guys at PureHacking report the discovery of a flaw that can lead to accidental payload execution in the Skype client. This can leave the program unusable for days. But it gets worse.
The hole can also be used to allow an attacker to gain remote control over a Mac. All the victim would need to do is view a message sent to them through the application. The hole is described as "extremely wormable and dangerous", but Skype has taken its sweet time fixing it. Despite responding that they were aware of and dealing with the issue, the VoIP service has yet to issue a patch fixing it.
Skype claims that this "zero day vulnerability" has been sealed in the 220.127.116.112 patch. But all users have not been prompted to download that patch, "as there is another update in the pipeline" due for next week.
It seems to me that the delay between hearing about this issue and acting upon it has been rather inexcusably long. While it's true that no abuses of this vulnerability have yet been reported, its terrible potential for abuse makes it worth priority action. This update should have been prompted for all Mac users as soon as it became available.
Current Skype for Mac users should download it here. No measure of vigilance can protect you from a malicious worm like this. The message would come from one of your trusted contacts, and would require no extra action on your part to do its dirty work.
This isn't the first time in the recent past that Skype has neglected the security of its users in a potentially dangerous way. Last month, it was revealed that the Skype Android app left user data files completely unencrypted in an easily accessible database. By comparison, that gaffe doesn't seem quite as bad now.