Printed from http://www.macnn.com

Skype for Mac vulnerability found, fix coming next week

updated 09:10 pm EDT, Fri May 6, 2011

Security hole could allow attacker remote control

Gordon Maddern, a security researcher in Australia, has reported a serious hole in the current Mac version of Skype that could be exploited by an attacker to remotely take control of the computer, CNet says. Skype has since responded saying they had already issued a "hotfix" for the vulnerability but will release a formal update to address it next week, over a month after Maddern reported it to the company. Maddern is not releasing details of the "extremely dangerous" problem until Skype has fixed it, he said.

Skype has claimed that it was already aware of the issue and working on a fix when Maddern contacted the company. It noted that, by default, only someone already in a user's contact list could send the kind of maliciously crafted payload that would allow remote access, making an attack unlikely for most users. Maddern says he discovered the problem when he sent a colleague a (deliberately) malicious file and it executed on the colleague's machine.

No attacks of this nature have been reported other than Maddern's own; he posted about the discovery and subsequent progress on his blog.

Maddern created a full proof-of-concept attack, and calls it "extremely wormable," meaning the vulnerability could be used by others to craft other sorts of attacks on Macs -- the attacker only needs to send the victim a message, and they can gain remote control of the victim's Mac, he says. The vulnerability was not found in the Windows and Linux versions of Skype. Maddern has not said if the vulnerability exists on the more-popular previous version (v2.8) of the Skype client for Mac.

Although Skype has already issued a "hotfix" (meaning no user intervention was required), until the formal update is released users of the current Mac version of Skype should be cautious of any messages from untrusted sources. [via CNet]




by MacNN Staff


Comments

  1. MyRightEye

    Joined: Dec 1969

    -2

    No thanks...

    I'll take the risk of the vulnerability rather than upgrade to the crappy new version.
