Security Alert: Skype for Mac Has Unpatched Security Flaw
Mac users may want to be extra careful when using Skype, thanks to a nasty zero-day vulnerability in the Mac OS X version of the client.

Security researcher Gordon Maddern from the firm Pure Hacking discovered a flaw in Skype that allows a skilled individual to gain remote access to another's machine simply by sending a Skype message.

Maddern says he discovered the hole by accident but put together a proof of concept showing how potentially dangerous it could be. By simply sending a message, Maddern was able to take control of a user's computer and execute a shell instance. Scary stuff.

The researcher contacted Skype more than a month ago, but despite assurances from Skype that a fix was on the way, the program has remained unpatched.

In fact, it appears that it was only after Maddern blogged about the issue — and others like ZDNet UK championed the cause — that Skype felt the need to see the issue as a major problem.

In a statement to ZDNet UK, Skype said, "We are aware of this and will release a fix early next week to resolve the issue. We take our users' privacy very seriously and are working quickly to protect Skype users from this vulnerability."

Mac OS X users are unlikely to be completely satisfied with this response. In waiting more than a month before applying a hot fix, Skype has shown that it might not truly be "taking our users' privacy very seriously."

The Windows and Linux versions of Skype aren't vulnerable to this zero-day vulnerability. In addition to this new "feature," Mac users are also dealing with a new UI in Skype 5 that makes everything harder to use.

Realistically speaking, most users are probably not in any potential danger when using Skype — provided they don't accept messages or calls from strangers. Still, we know we'll be taking a Skype for Mac break until this thing is fixed.
