Skype apologises for forgetting 'critical' security patch.

Skype the voice-over-IP (VoIP) firm has apologised for forgetting to tell users of a security patch that fixes a flaw within the skype4com URI handler component of Skype.

"We strive to inform the public of vulnerabilities and malware that may affect Skype software," said Villu Arak a spokesman for Skype on the company's security blog. "While this particular vulnerability was fixed, there was an unintentional communication oversight and we failed to bring the case to the public's attention. All we can do now is to apologise."

In early November, Zero Day Initiative informed Skype of a vulnerability that allows a remote attacker to execute arbitrary code, provided that the user visits a malicious website.

The security issue was fixed in the public release of Skype 3.6 for Windows. All versions of Skype for Windows updated or installed as of November 15 include the security patch.

The current public release of Skype 3.6 for Windows can be downloaded from the company's site.

---