Skype users are being urged to upgrade to the latest version of thepopular Internet telephony client, thanks to a number of critical flawsin the software that were disclosed Tuesday by Skype’s maker, SkypeTechnologies SA.If exploited, two of the flaws could allow attackers to take over aSkype user’s system, the company said in an advisory published Tuesday.These flaws affect a number of Windows versions of the software rangingbetween version 1.1 to 1.4, the statement said.The first of these flaws could be exploited by tricking a Skype user toclick on a specially-crafted URL, while the second would require aSkype user to import a malicious vCard. VCard is an electronic businesscard format used by some e-mail programs.Security research firm Secunia has rated the flaws “highly critical,”and listed a third type of error, which affects Mac OS and Linuxclients as well, that could be exploited to crash the Skype client. TheSecunia advisory also tells users to update to the latest version ofthe software. At this time there is no known malicious software that takes advantage of these bugs, according to Secunia.Though it has not been the target of a widespread attack to date, Skypehas a number of characteristics that market it increasingly attractiveto attackers, said Tom Newton, a product development manager withfirewall vendor SmoothWall Ltd. “It’s difficult to control from a network administrator point of view,and we’re left with an extremely homogenous environment,” he said.”Once everybody is running the same code, it becomes much moreprofitable for miscreants and wrongdoers to affect our computers.”Skype Technologies says there are now 61 million registered Skypeusers, more than enough to attract the attention of hackers, accordingto Newton.EBay Inc.’s planned acquisition of Skype Technologies and thepossibility that the client will play a role in online commerce onlymakes a Skype attack more appealing, he added. “The attack is yet tocome. I don’t doubt that something will happen,” Newton said. “Thescale of it is up for debate.”In fact, hackers are have already begun paying attention to Skype, evenif they have yet to launch a widespread attack. Earlier this monthattackers began sending out malicious “Trojan horse” code in the formof e-mail attachments that claimed to contain version 1.4 of the Skypeclient.Skype’s security advisory can be found here: http://www.skype.com/security/skype-sb-2005-02.htmlThe Secunia advisory is here: http://secunia.com/advisories/17305/ By Robert McMillan – IDG News Service (San Francisco Bureau) Related content news Google Chrome zero-day jumps onto CISA's known vulnerability list A serious security flaw in Google Chrome, which was discovered under active exploitation in the wild, is a new addition to the Cybersecurity and Infrastructure Agency’s Known Exploited vulnerabilities catalog. By Jon Gold Oct 03, 2023 3 mins Zero-day vulnerability brandpost The advantages and risks of large language models in the cloud Understanding the pros and cons of LLMs in the cloud is a step closer to optimized efficiency—but be mindful of security concerns along the way. By Daniel Prizmant, Senior Principal Researcher at Palo Alto Networks Oct 03, 2023 5 mins Cloud Security news Arm patches bugs in Mali GPUs that affect Android phones and Chromebooks The vulnerability with active exploitations allows local non-privileged users to access freed-up memory for staging new attacks. By Shweta Sharma Oct 03, 2023 3 mins Android Security Vulnerabilities news UK businesses face tightening cybersecurity budgets as incidents spike More than a quarter of UK organisations think their cybersecurity budget is inadequate to protect them from growing threats. By Michael Hill Oct 03, 2023 3 mins CSO and CISO Risk Management Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe