Skype fixes critical security flaw

Summary:The VoIP company has faced criticism for its handling of a major security hole, while also coming under fire for allegedly ignoring users' bug reports

Skype has fixed a critical security hole in the latest version of its Windows VoIP software, which could have allowed specially crafted websites to load and run malicious code on victims' PCs.

The URI handler skype4com, which the Skype software creates to handle web addresses, can fail when handling short strings, producing a memory violation that allows code to be written to memory.

"It is clear that Skype has once again closed critical holes furtively without informing users at all," said security website Heise Security.

Users of older versions of the software should make sure they are running the latest version of Skype — version 3.6.

Security research firm Secunia, which rated the flaw as critical, offers a Software Inspector that should determine if a PC is vulnerable.

Meanwhile, Skype has been criticised by users for allegedly not responding to bug reports.

Applications development professional and ZDNet.co.uk member Jamie Watson reported in his blog on Thursday comments from a Skype forum that Skype was producing 10,000 page faults per second on a user's computer.

Quoting from the forum, Watson said that for nearly two months Skype took the stance that the software was designed to produce that volume of faults. Finally, the VoIP company appeared to admit that the error was created by a thread, which Skype programmers put in for debugging and forgot to take out.

Skype could offer no response to Watson's comments at the time of writing.

The VoIP company has fallen out of favour with some of its other customers over the past few weeks. In November it withdrew a swathe of its users' telephone numbers, starting with the prized prefix 0207, after it fell out with one of its suppliers.

Topics: Tech Industry

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.