Skype Mac OS X client gets zero-day fix

SearchSecurity.IN staff

Last Friday, Skype issued a statement on its security blog to notify Skype for Mac users (5.1.0.922) about a hotfix released on April 14. This manual update will deal with security issues raised by a Skype for Mac 5.x zero-day vulnerability. All previous versions remain vulnerable.

Skype will push a related update to Mac users during the week. “This new update will include some additional updates and bug fixes,” says Adrian Asher, Skype’s Chief Information Security Officer, in the blog post. “This vulnerability is related to a situation when a malicious contact would send a specifically crafted message that could cause Skype for Mac to crash.”

The zero-day vulnerability takes aim at Mac OS X users by downloading a file through JavaScript. It can be termed a potentially limited threat, since users must agree to install the software and provide a password. This malicious software was reported by Gordon Maddern of security research firm Pure Hacking, who published news of a "Skype 0day vulnerability" on his blog. Maddern maintains that Pure Hacking will not disclose details of this attack until the new update is released.

Explaining the severity of this vulnerability, Maddern writes, “An attacker needs only to send a victim a message, and they can gain remote control of the victim’s Mac. It is extremely wormable and dangerous.”