There is easily enough information in this post for a reasonably clever blackhat to rediscover the vulnerability. I'm reasonably certain I can guess what it is.<p>So don't use Skype on Mac if you can help it, and if you must use it turn off messages from sources not in your contact list.
"About a month ago I was chatting on skype to a colleague about a payload for one of our clients,” he wrote. “Completely by accident, my payload executed in my colleagues skype client."<p>If I had to guess, they were probably pasting back and forth JavaScript "payloads" for an XSS and broke the parser that Skype is using for formatting chat messages. Not that interesting.<p>Chat messages on Skype aren't exactly the most effective propagation mechanism either. Don't you have to be approved as someone's friend before they can send you a message? This probably won't be used in any massive attacks any time soon. Until then, continue to annoy your girlfriends as the author apparently did.
How long until Skype fixes it and we see the details? Skype seems really bad about fixing/disclosing things. Anyone else remember this? <a href="http://forum.skype.com/index.php?s=17fbdf08801503eebf66d315f03d14b6&showtopic=310121&st=20&p=1633781&#entry1633781" rel="nofollow">http://forum.skype.com/index.php?s=17fbdf08801503eebf66d315f03d14b6&showtopic=310121&st=20&p=1633781&#entry1633781</a><p>HN page: <a href="http://news.ycombinator.com/item?id=656174" rel="nofollow">http://news.ycombinator.com/item?id=656174</a><p>Edit: whoops, my bad, apparently SkypeMate is independent.
Skype claim to have already fixed the bug with their release last month on April 14th: <a href="http://blogs.skype.com/security/2011/05/security_vulnerability_in_mac.html" rel="nofollow">http://blogs.skype.com/security/2011/05/security_vulnerability_in_mac.html</a><p>Sadly the fix seems to be only for the 5.x series and there's no indication for holdouts like myself on whether 2.x is affected or not.
Another scary thing here is that, since Skype 5.0 sucks so badly, many people downgraded to 2.x and Skype probably will ignore that release when they fix the vulnerability.