toggle

AAPL Stock: 98.38 ( -0.64 )

Printed from http://www.macnn.com

Skype for Mac vulnerability found, fix coming next week

updated 09:10 pm EDT, Fri May 6, 2011

Security hole could allow attacker remote control

Gordon Maddern, a security researcher in Australia, has reported a serious hole in the current Mac version of Skype that could be exploited by an attacker to remotely take control of the computer, CNet says. Skype has since responded saying they had already issued a "hotfix" for the vulnerability but will release a formal update to address it next week, over a month after Maddern reported it to the company. Maddern is not releasing details of the "extremely dangerous" problem until Skype has fixed it, he said.

Skype has claimed that at the time Maddern contacted them about the issue, it was already aware of it and working on a fix, noting that by default only someone already in a user's contact list could send them the kind of maliciously-crafted payload that would allow remote access, making it unlikely to happen to most users. Maddern says he discovered the problem when he sent a colleague a (deliberately) malicious file and it executed on the colleague's machine.

No reports of attacks of this nature have been reported outside of Maddern's, who posted about the discovery and subsequent progress on his blog.

Maddern created a full proof-of-concept attack, and calls it "extremely wormable," meaning the vulnerability could be used by others to craft other sorts of attacks on Macs -- the attacker only needs to send the victim a message, and they can gain remote control of the victim's Mac, he says. The vulnerability was not found in the Windows and Linux versions of Skype. Maddern has not said if the vulnerability exists on the more-popular previous version (v2.8) of the Skype client for Mac.

Although Skype has already issued a "hotfix" (meaning no user intervention was required), until the formal update is released users of the current Mac version of Skype should be cautious of any messages from untrusted sources. [via CNet]




by MacNN Staff

POST TOOLS:

TAGS :

toggle

Comments

  1. MyRightEye

    Joined: Dec 1969

    -2

    No thanks...

    I'll take the risk of the vulnerability rather than upgrade to the crappy new version.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

Adesso Xtream S3B Bluetooth speaker

Finding a speaker purpose-built for a specific need is challenging. Even when a Bluetooth speaker can be paired with a mobile device, ...

JBL Synchros E40BT headphones

For all the different configurations of headphones on the market, it's always a tough choice for buyers to get something that is just ...

Razer Taipan mouse

The list of gaming devices is growing larger with each passing day. A large number of companies have entered the gaming input arena, a ...

toggle

Most Commented