Sunday, May 8, 2011

Dangerous Skype exploit: what you need to know

Security researchers have revealed a dangerous exploit in Skype for Mac that can be used to create a worm capable of taking control of Mac PCs. This FAQ will help you understand the potential impact of the threat and what you can do to protect your system.

What is the vulnerability? PureHacking, an Australian security research firm, published a blog post describing a vulnerability and a proof-of-concept exploit affecting Skype for Mac.

What is the potential risk? PureHacking's researchers and Skype's developers appear to disagree on the scope of the threat. PureHacking claims to have developed a proof-of-concept exploit that allows an attacker to take complete control of a vulnerable Mac system, and says that the flaw is easily exploited and extremely dangerous.

Skype seems to believe that the threat is much more limited. Skype says that a message from a malicious contact could cause the Skype for Mac software to crash, and stresses that the default privacy settings in Skype limit the impact because you can only receive messages from your list of authorized contacts.

There is a very big difference between "limited threat that crashes the Skype client" and "dangerous worm that takes control of Mac PCs". PureHacking may lean towards "the sky is falling" sensationalism, while Skype has a motive for erring on the side of "no big deal". Assume that the truth is somewhere in the middle.

Is my version of Skype affected? According to the Skype blog post, only Skype for Mac 5.x is affected. Earlier versions are not vulnerable to this exploit.

What about Skype on Windows or Linux? The flaw exists only in the Skype for Mac client. PureHacking examined Skype for Windows and Skype for Linux and concluded that the exploit does not work on these platforms.

Is this linked to the Skype for Android app problem? No. The issue with the Skype for Android app was a Skype configuration error that left a database containing sensitive data open and unencrypted. This vulnerability is a flaw that allows a specially crafted Skype message to run malicious code on the target Mac OS X system.

Should I worry? The risk of exploit is almost nil for Mac OS X. Despite assertions by Apple loyalists that Mac OS X is simply more secure by default and virtually impervious to attack, the annual Pwn2Own competition and the proof of concept developed by PureHacking for this threat demonstrate otherwise. That said, Mac OS X is still a drop in the bucket of PC market share, and malware developers have their attention on the larger pool, so there is little risk of this being exploited in the wild any time soon.

Is there a fix? Skype says it was aware of the issue even before PureHacking brought it to its attention, and has already developed a patch, which has been available since 14 April. Skype has not pushed the fix, though, because it is not aware of this flaw being exploited in the wild. Next week, Skype will push an updated version of Skype for Mac 5.x that solves the problem and includes a variety of other tweaks and fixes as well.

What should I do? If you are really concerned, obtain the hotfix from Skype and apply it now. If you prefer, you can probably just wait until next week, when Skype releases the updated version.
