Skype on Tuesday issued an update that fixes a serious security flaw in its internet telephony software for Apple's Mac OS X.

A vulnerability exists in the way Skype for Mac handles web links, according to a Skype advisory. An attacker could construct a malformed Skype link which, when clicked on, can cause the application to crash or allow a system to be compromised.

The company said in its advisory: "A user of Skype for Mac who follows a specially crafted URL may experience a crash of the Skype software and possibly may execute arbitrary code without consent." The VoIP provider, part of online auction giant eBay, deems the issue "high" risk.

A miscreant could publish a malformed Skype link on a website, for example, and try to trick someone into following it, the company said.

The vulnerability exists in Skype for Mac releases prior to and including 1.5.*.79. It has been fixed in release 1.5.*.80 or later, which was available for download on the Skype website on Tuesday.

Source: Silicon