
The headline says root access, but I didn't see any references to it in the article or its link. Does anyone know if it really is root access?


The actual release from Pure Hacking is here:

http://www.purehacking.com/blogs/gordon-maddern/skype-0day-v...

No mention of root; only remote shell. I have a feeling this is just bad reporting on the part of The Register.

Having said that, I wouldn't give a random person off the street access to my local user account, even if they can't execute as root. Plenty of attackers would be content to rsync all your files to their server for further examination/exploitation.


Frankly, getting a shell as my regular user on my machine can be just about as devastating as getting root. Everything that's important to me is owned by my user.


If it doesn't have root access you can run it in a dummy user account until it's patched.

Doesn't stop your machine from becoming a vector to attack other users on your contact list though.


On my Mac, Skype runs under the uid of my normal account, so I'm not sure how this could be used to get root access unless there's a separate privilege escalation exploit involved.


Does any part of Skype run as root? It really shouldn't but I wouldn't put it past that piece of turd.


If it executed as root, you'd receive the password prompt every time you launched.


If it had a daemon or a setuid binary, you'd only get the password prompt once.



