Skype for Mac requires manual update to fix security vulnerability

Pure Hacking's Gordon Maddern, a tech security writer, has uncovered a zero-day vulnerability affecting Mac users of the popular chat platform Skype.

Pure Hacking's Gordon Maddern, a tech security writer, has uncovered a zero-day vulnerability affecting Mac users of the popular chat platform Skype. He writes: "About a month ago I was chatting on Skype to a colleague about a payload for one of our clients. Completely by accident, my payload executed in my colleagues Skype client."

Further tests showed that the payload was only executing in Skype clients on Macs. Windows and Linux appeared to be safe. After using metasploit and meterpreter to produce a proof of concept, Maddern was able to gain a shell remotely using the Skype exploit.

Perhaps alarmingly, this information was brought to the attention of Skype's security team over a month ago, with the only response being a generic "Thank you, we'll get to that soon".

"The long and the short of it is that an attacker needs only to send a victim a message and they can gain remote control of the victims Mac," Maddern writes. "It is extremely wormable and dangerous."

This bug was finally updated in a manually installable patch today.

If you're a heavy Skype user on your Mac, download the manual update to patch the bug. A full version update, as noted, should be available in the next week or so.


Be sure to follow MacFixIt on Twitter and contribute to the CNET Mac forums.

About the author

    Joe is a seasoned Mac veteran with years of experience on the platform. He reports on Macs, iPods, iPhones and anything else Apple sells. He even has worked in Apple retail stores. He's also a creative professional who knows how to use a Mac to get the job done.

     

    Join the discussion

    Conversation powered by Livefyre

    Show Comments Hide Comments