Posted by The Blogging Desk on Mon, May 09, 2011

ITProPortal:
A recently discovered zero-day bug in the Mac version of Skype allows hackers to gain control of the user's system by sending a malicious instant message. According to Australian security consultancy company Pure Hacking, the vulnerability in Skype is dangerous and would allow anyone with the know-how to gain control of a Mac by simply sending a malicious instant message.
In a blog post, Gordon Maddern of Pure Hacking explained that he first discovered the bug when he sent a client’s payload to his colleague on Skype.
He later confirmed his suspicions by crafting a proof-of-concept malicious payload and testing it on Skype.
“The long and the short of it is that an attacker needs only to send a victim a message and they can gain remote control of the victim's Mac. It is extremely wormable and dangerous,” he wrote on the blog.
That sound you just heard was millions of Mac users falling down from their high horse.
Way back when the most recent update to Skype had come out, Mac nerds all over the world were complaining about its design flaws. The sad reality was that the Mac version was now starting to look like its bloated PC counterpart. Have you ever used Skype on Windows? It takes up just about the entire screen. Let's scale that back a bit, eh, Skype?
I usually just use the Skype application on my iPhone, but even then I usually ignore all calls that come into my phone. Who wants to talk on a telephone anymore? Let's be honest here. Just text me so we can pass the awkward phone conversations that would no doubt take place.
Aside from the stingy design complaints, this is arguably the most notable Mac vulnerability I can think of. Just about every Mac user I know uses Skype all the time. And generally, they're on the up and up when it comes to updates. Sadly, this means that just about every Mac user I know is completely vulnerable to hackers. If you're in the enterprise field, hopefully your team has a backup plan to install a previous version of Skype. If not, you can always reach out to Trigon.
