AAPL Stock: 117.81 ( -0.22 )

Printed from

Skype for Mac vulnerability found, fix coming next week

updated 09:10 pm EDT, Fri May 6, 2011

Security hole could allow attacker remote control

Gordon Maddern, a security researcher in Australia, has reported a serious hole in the current Mac version of Skype that could be exploited by an attacker to remotely take control of the computer, CNet says. Skype has since responded saying they had already issued a "hotfix" for the vulnerability but will release a formal update to address it next week, over a month after Maddern reported it to the company. Maddern is not releasing details of the "extremely dangerous" problem until Skype has fixed it, he said.

Skype has claimed that at the time Maddern contacted them about the issue, it was already aware of it and working on a fix, noting that by default only someone already in a user's contact list could send them the kind of maliciously-crafted payload that would allow remote access, making it unlikely to happen to most users. Maddern says he discovered the problem when he sent a colleague a (deliberately) malicious file and it executed on the colleague's machine.

No reports of attacks of this nature have been reported outside of Maddern's, who posted about the discovery and subsequent progress on his blog.

Maddern created a full proof-of-concept attack, and calls it "extremely wormable," meaning the vulnerability could be used by others to craft other sorts of attacks on Macs -- the attacker only needs to send the victim a message, and they can gain remote control of the victim's Mac, he says. The vulnerability was not found in the Windows and Linux versions of Skype. Maddern has not said if the vulnerability exists on the more-popular previous version (v2.8) of the Skype client for Mac.

Although Skype has already issued a "hotfix" (meaning no user intervention was required), until the formal update is released users of the current Mac version of Skype should be cautious of any messages from untrusted sources. [via CNet]

by MacNN Staff




  1. MyRightEye

    Joined: Dec 1969


    No thanks...

    I'll take the risk of the vulnerability rather than upgrade to the crappy new version.

Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines

Follow us on Facebook


Most Popular


Recent Reviews

Ultimate Ears Megaboom Bluetooth Speaker

Ultimate Ears (now owned by Logitech) has found great success in the marketplace with its "Boom" series of Bluetooth speakers, a mod ...

Kinivo URBN Premium Bluetooth Headphones

We love music, and we're willing to bet that you do, too. If you're like us, you probably spend a good portion of your time wearing ...

Jamstik+ MIDI Controller

For a long time the MIDI world has been dominated by keyboard-inspired controllers. Times are changing however, and we are slowly star ...


Most Commented