• Home
  • OS X
  • Security Hole in Skype for OS X Could Give Attackers Remote Access to Your Mac

Security Hole in Skype for OS X Could Give Attackers Remote Access to Your Mac

Screen shot 2011 05 06 at 10 12 40 PMA major security hole has been discovered in Skype for OS X that could give an attacker remote access to your Mac by sending an instant message.

The zero-day security vulnerability was discovered by Australian IT security firm, Pure Hacking. Gordon Maddern, who found the exploit, posted today that he notified Skype of the issue a month ago and was given a standard, canned reply from them. They still have not created a patch.

Maddern:

The long and the short of it is that an attacker needs only to send a victim a message and they can gain remote control of the victims Mac. It is extremely wormable and dangerous.

Pure Hacking:

[We] won’t give specifics on how to perform this attack until a patch from Skype is released. However we will give a full disclosure after Skype takes action or a reasonable responsible disclosure time.

Skype is fiddling while Rome is burning:

Skype twitter.png

Dan York from Disruptive Telephony justifiably complained that Skype has not made any information public other than a statement given to ZDNet UK. He says they have made no attempt to notify users via their corporate blog, twitter feed, or any other method. York recommends changing Skype’s privacy settings to only allow messages from contacts. Although, he warns that this is merely a precautionary measure since it is unknown exactly how the attack works. See below for details.

Skype 5.x settings:

Skype privacy settings.png

Skype 2.8 settings:

Skype privacy settings.png

Better yet, switch off Skype and use the phone until a patch is released.

UPDATE
Skype has address the security vulnerability. (Thanks Chaim)

via Pure Hacking, The Register and Disruptive Telephony

Topics