Skype’s Apple Mac Client Has a Dangerous Flaw

image-4735
It was recently discovered that there is a significant security hole in the Skype design for Apple Mac users. While logged in to Skype, a security researcher discovered a zero day vulnerability (meaning that the software developer, Skype, doesn’t know that the security hole even exists). This hole can  give a hacker temporary remote access to the victim’s Mac via Skype. In other words, it means that someone else can take control of your computer while you are logged into Skype.

Solution: For now, I recommend you update your software with the fix made available on April 14th. To do this, get into your software and click on Skype -> Check for Updates, or you can download the software here. Make sure you check for an even newer update in the coming weeks.

Skype has been alerted to the problem and released the following statement:

“Last month, we were contacted by Pure Hacking, a group of ethical hackers in Australia, who reported what they believed to be a zero-day vulnerability in Skype for Mac 5.x. This vulnerability, which they blogged about earlier today, is related to a situation when a malicious contact would send a specifically crafted message that could cause Skype for Mac to crash. Note, this message would have to come from someone already in your Skype Contact List, as Skype’s default privacy settings will not let you receive messages from people that you have not already authorized, hence the term malicious contact.

“At the time they alerted us, we were already aware of the issue and were working on a fix to protect Skype users from this vulnerability, as we take our users’ security very seriously. We subsequently released a hotfix for this problem in a minor update (Skype for Mac version 5.1.0.922) on April 14th. As there were no reports of this vulnerability being exploited in the wild, we did not prompt our users to install this update, as there is another update in the pipeline that will be sent out early next week.

“This new update will include some additional updates and bug fixes. When it is released, we will notify all Skype for Mac users of the need to update their software (the client will prompt the user to update). In the meantime, we recommend you update your software with the fix made available on April 14th, just click on Skype -> Check for Updates or you can download the software here.

“Please note, Skype’s other clients, e.g. Windows and Linux, are not susceptible to this vulnerability.”

 

 

John Sileo trains organizations on information leadership, including social media control, identity theft prevention and reputation management. His satisfied clients include the Department of Defense, FDIC, Pfizer and Homeland Security. To bring John in to speak to your organization, contact his staff on 800.258.8076 or watch him entertain audiences with vital content at www.ThinkLikeASpy.com.

 

Posted by Identity Theft Speaker in Cyber Data Security, Identity Theft Prevention and tagged , , , , , , , , , , .

1 Trackbacks/Pingbacks

  1. Pingback: “Skype” security flaws for Mac users on May 24, 2011

1 Responses to Skype’s Apple Mac Client Has a Dangerous Flaw

  1. John Counsel: May 11, 2011 at 1:58 pm

    Sounds like Skype is wasting its time plugging security holes — Microsloth just acquired it. Security Hole Central.

    Bye-bye Skype!

Leave a Reply