Update: Skype, said it has released a patch on April 14, 2011 to address this problem, the company did not only prompt users to download the patch. Mac users may want to be extra careful when using Skype, with a nasty zero-day vulnerability in the version of Mac OS X client.
A security researcher Gordon Maddern firm discovered pure hacking a fault in Skype that allows a person to obtain remote access to another machine simply by sending a message from Skype.
Maddern says the discovery of the hole by accident but put in place evidence of proof of concept how potentially dangerous, it could be. By simply sending a message, Maddern was able to take control of the user's computer and run an instance of shell. Scary stuff.
[More from Mashable: Osama bin Laden's death targeted by the creators of malware [Alert]]
The investigator contacted Skype more than a month ago, but despite assurances from Skype a fix has been on the road, the program remained unpatched.
In fact, it seems that it is only after Maddern blog on the issue - and others, as ZDNet UK defended the cause - that Skype felt the need to see the issue as a major problem.
In a statement to ZDNet UK, Skype said, we are aware and will release a patch earlier in the week next to solve the problem. We take our users privacy very seriously and work quickly to protect Skype users from this vulnerability.
Mac OS X user are probably not completely satisfied with this response. In the meantime more than a month before you apply a hotfix, Skype has demonstrated that he could not really "take our users privacy very seriously."
Windows and Linux of Skype versions are not vulnerable to this zero-day vulnerability. In addition to this new "feature", Mac users are also dealing with a new Skype 5 user interface that makes everything which is more difficult to use.
Speaking realistically, most users are probably not in potential danger in the use of Skype - provided that they do not accept messages or calls by unknown persons. Yet, we know that we will take a Skype for Mac breach until this thing is fixed.
No comments:
Post a Comment