The growing popularity of Skype Technologies SA"s free Internet telephony software could soon pose the same kind of security challenges for companies that other peer-to-peer (P2P) software technologies have created in recent years, according to security experts.
The warning comes after the disclosure this week of two critical flaws in Skype"s software, one of which could allow malicious hackers to take complete control of compromised systems.
One of the flaws is a buffer overflow error in Skype"s user client for Windows that could allow attackers to execute arbitrary code on compromised systems, according to a statement from the company. The other vulnerability is a heap overflow flaw in a networking routine affecting Skype clients for all platforms. That flaw could crash the client software.
Fixes for both problems have been released.
Skype, which was recently acquired by eBay Inc. for US$2.6 billion, offers downloadable software that allows PC users to make free Internet telephone calls to each other and low-cost calls to telephone users.