Trustwave’s analysis of what it describes as a possible ‘backdoor’ in Skype:
‘As described in the Trustwave advisory, the issue is an authentication by-pass discovered in the API whereby a local program could by-pass authentication if they identified themselves as the program responsible for interfacing with the Desktop API on behalf of the Skype Dashboard widget program.’
Microsoft denies that it’s a backdoor, but acknowledges the vulnerability.
Commentary by John Leyden for The Register: Infosec bods: This is a backdoor in Skype for Macs. Microsoft: No. – Dodgy API let apps and plugins silently pry into chat logs, record calls and more