Gordon Madder said that more than a month ago he discovered a vulnerability in the official Skype for Mac OS X client that allows him to execute arbitrary code. To launch an attack, it is enough to send a specially formed message.
Despite the fact that the developers of the program were provided with all the details of the vulnerability, the patch is still not released, so be careful.
Details of the vulnerability have not been disclosed. ')
UPD : andoriyu brought on a post on the Skype developer blog. It turns out that the hotfix (v. 5.1.0.922) was released on April 14th and is available for download from the site, but since they did not receive messages that this bug was used somewhere, it was decided to roll it out as a minor update, because of which the client did not issue a message about the new version. I wonder if someone will start using this bug before the release of the “full-fledged” new version, after what time will the developers find out and how many computers will have time to suffer?