Today Skype released the promised Hotfix to Skype for Mac 5.1 that addresses the security vulnerability that was the subject of much Internet angst last Friday.
Click on Skype | Check for Updates … and you will get this:
Release notes, such as they are, mention three issues addressed:
- Security updates
- Resolves video freezing in high-packet loss networks
- Fixes minor bugs
Dan York has put on his enterprise enterprise security manager hat in posting: Skype Issues 2nd Mac 5.1 Hotfix for “Security Issues” – But What Are Those Issues? and concludes with:
Seriously, Skype… security matters… and even more, communication about security matters. We all know that with any system there are security issues… no system is perfect and attackers will always try to compromise systems. We get that. It is how you react and communicate about those security issues that is so incredibly critical.
Update: Adam Asher, Chief Information Security Officer at Skype, has provided a post outlining why Skype is holding back on details of the security issue addressed by this hotfix as well as confirmation from Pure Hacking (who originally found the issue) that the vulnerability has gone away.
My approach on releases is to always wait for the majority of our users to update before detailing / discussing any of the specific issues that have been fixed. This minimizes the amount of time that would-be attackers have to try and exploit those of our users that haven’t upgraded yet.
Bottom Line: if you are running Skype for Mac 5.1 (or 5.0), do the update. If you chose to stay on Skype for Mac 2.8 while Skype addresses some much larger issues with Skype 5.x, you need do nothing.
Note: as of the time of writing this post, Dan reports that “Check for Updates” is not working for him. Probably needs to clear U.S. customs or similar border security issue. You can also get the download here.