Skype Preps Patch For Malicious Mac Infection
Online phone service Skype is preparing to fix a bug in the Mac edition of the system that could allow hackers to take control of a computer remotely. The site that discovered the bug has accused Skype of dragging its heels on the issue.
Gordon Maddern of purehacking.com says he discovered the bug entirely by mistake. He was talking to a colleague on a Skype connection about some code written for a client. To his surprise he was able to make the code run on his colleague's computer.
Upon closer examination, Maddern discovered that the hack only worked where the recipient's computer was a Mac: both Windows and Linux versions were unaffected. He also found that, while in the first instance the transmitted code had run within Skype itself, it was possible to gain shell access to execute arbitrary programs and commands.
Skype Bug Could Lead to Worm Effect
According to Maddern, the flaw is "extremely wormable," meaning that a hacker could set up a chain reaction by which one hacked computer could automatically seek out other connected Skype-enabled Macs, infect them, then pass the code on to their list of contacts, and so on. Done effectively, such a technique could infect a vast number of computers in short order.
There is an important limitation in that the code can only be spread between Skype users who have actively added one another as contacts on the system (similar to adding a friend's details to an address book) and can't be passed on to strangers.
Full Details Kept Confidential For Now
Maddern informed Skype about the issue and was told it would be addressed in the next security update. When this didn't happen and there had been no action for a month, Maddern publicized the problem, while vowing to keep the full details under wrap until it had been addressed. (Source: purehacking.com)
Skype Officially Releases Fix for Mac This Week
Skype has now fixed the issue in the latest edition of the Mac software (5.1.0.922).
The new version is scheduled to be sent out automatically this week, though users can manually install it now. The company says it did make a fix available in mid-April but chose not to make it an automatic update at the time as there was no evidence that hackers were both aware of the bug and exploiting it. (Source: skype.com)
Most popular articles
- Which Processor is Better: Intel or AMD? - Explained
- How to Prevent Ransomware in 2018 - 10 Steps
- 5 Best Anti Ransomware Software Free
- How to Fix: Computer / Network Infected with Ransomware (10 Steps)
- How to Fix: Your Computer is Infected, Call This Number (Scam)
- Scammed by Informatico Experts? Here's What to Do
- Scammed by Smart PC Experts? Here's What to Do
- Scammed by Right PC Experts? Here's What to Do
- Scammed by PC / Web Network Experts? Here's What to Do
- How to Fix: Windows Update Won't Update
- Explained: Do I need a VPN? Are VPNs Safe for Online Banking?
- Explained: VPN vs Proxy; What's the Difference?
- Explained: Difference Between VPN Server and VPN (Service)
- Forgot Password? How to: Reset Any Password: Windows Vista, 7, 8, 10
- How to: Use a Firewall to Block Full Screen Ads on Android
- Explained: Absolute Best way to Limit Data on Android
- Explained: Difference Between Dark Web, Deep Net, Darknet and More
- Explained: If I Reset Windows 10 will it Remove Malware?
My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 30 years experience; I also run this website! If you need technical assistance , I can help. Click here to email me now; optionally, you can review my resume here. You can also read how I can fix your computer over the Internet (also includes user reviews).
We are BBB Accredited
We are BBB accredited (A+ rating), celebrating 21 years of excellence! Click to view our rating on the BBB.