toggle

AAPL Stock: 119 ( + 1.4 )

Printed from http://www.macnn.com

Skype for Mac vulnerability found, fix coming next week

updated 09:10 pm EDT, Fri May 6, 2011

Security hole could allow attacker remote control

Gordon Maddern, a security researcher in Australia, has reported a serious hole in the current Mac version of Skype that could be exploited by an attacker to remotely take control of the computer, CNet says. Skype has since responded saying they had already issued a "hotfix" for the vulnerability but will release a formal update to address it next week, over a month after Maddern reported it to the company. Maddern is not releasing details of the "extremely dangerous" problem until Skype has fixed it, he said.

Skype has claimed that at the time Maddern contacted them about the issue, it was already aware of it and working on a fix, noting that by default only someone already in a user's contact list could send them the kind of maliciously-crafted payload that would allow remote access, making it unlikely to happen to most users. Maddern says he discovered the problem when he sent a colleague a (deliberately) malicious file and it executed on the colleague's machine.

No reports of attacks of this nature have been reported outside of Maddern's, who posted about the discovery and subsequent progress on his blog.

Maddern created a full proof-of-concept attack, and calls it "extremely wormable," meaning the vulnerability could be used by others to craft other sorts of attacks on Macs -- the attacker only needs to send the victim a message, and they can gain remote control of the victim's Mac, he says. The vulnerability was not found in the Windows and Linux versions of Skype. Maddern has not said if the vulnerability exists on the more-popular previous version (v2.8) of the Skype client for Mac.

Although Skype has already issued a "hotfix" (meaning no user intervention was required), until the formal update is released users of the current Mac version of Skype should be cautious of any messages from untrusted sources. [via CNet]




by MacNN Staff

POST TOOLS:

TAGS :

toggle

Comments

  1. MyRightEye

    Joined: Dec 1969

    -2

    No thanks...

    I'll take the risk of the vulnerability rather than upgrade to the crappy new version.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

IDrive cloud backup and sync service

There are a lot of cloud services out there, and nearly all of them can be used for backing up key files and folders. A few dedicated ...

Plantronics BackBeat Pro Bluetooth headphones

Looking for a pair of headphones that can do everything a user requires is a task that can take some study. Trying to decide on in-ear ...

MaxUpgrades 512GB Retina MacBook Pro SSD

Apple's Retina line of MacBook Pro notebooks have been impressive, right from their debut in 2012. Thinner than the previous model, t ...

toggle

Most Commented