Earlier today, we published another update for Skype for Mac users. This latest version (220.127.116.115) includes all of the security fixes from our April 14th release (18.104.22.1682), as well as some additional product fixes. Now that this update has finished propagating to our download servers, you should be able to click “Skype -> Check for Updates” within the Skype for Mac application to automatically get this update. Shortly, we will also begin prompting users with a message to update the software.
My approach on releases is to always wait for the majority of our users to update before detailing / discussing any of the specific issues that have been fixed. This minimizes the amount of time that would-be attackers have to try and exploit those of our users that haven’t upgraded yet. Naturally, having millions of customers using our software (30 million concurrent users at peak times) does result in a somewhat slow upgrade cycle. However, we typically see that large percentages of the user base have upgraded within a few weeks after a new version has been released. Once we have seen a large proportion of our Skype for Mac user base have upgraded to this new version, we will provide further details on the vulnerability in the Skype for Mac client that was raised by Pure Hacking.
Pure Hacking has also now confirmed that the issue they reported to us on April 7th, for which we were already working on a fix, was addressed in our April 14th release.
As always, we continue to urge Skype users to ensure that their systems or devices are patched and running up-to-date software. This advice extends to both the operating system and other programs that they may have installed.