VOICE OVER IP (VoIP) and chat Skype for Mac users will get an update this week closing a dangerous security hole that can allow a hacker to take over a Mac computer simply by sending a message.
Gordon Maddern of security firm Pure Hacking first discovered the vulnerability and created a proof of concept exploit using the Metasploit tool. He said, "The long and the short of it is that an attacker needs only to send a victim a message and they can gain remote control of the victim's Mac. It is extremely wormable and dangerous."
Skype didn't make it easy for Maddern to flag the hole, with the researcher claiming he had "a lot of trouble trying to find the right person to notify". Then over a month later, Maddern thought the vulnerability was still open as Skype hadn't informed him of any patch release.
But it turns out that Skype did release a patch, but very, very quietly. In a blog post, Adrian Asher of Skype security said it released a patch for the problem on 14 April, but only a manual update as there were no reports of the exploit being used in the wild. Users aren't prompted for the update, but can download it now by clicking on 'Check for Updates'.
This week will see an update for Skype for Mac that will notify users with a prompt that they need to download it. This release will carry some additional updates and bug fixes.
Skype has been pretty busy on the security front recently. Last month there were some fairly major vulnerabilities with the Skype Android app. µ