2011/05/10

Security issue in Skype confused Mac users

Since the beginning of April does Skype is a serious security problem in the Mac client of the popular messaging service. The Australian security expert Gordon Maddern from Pure Hacking had found a way by coincidence, a colleague from a distance to get to crash the client. In a blog entry of yesterday, he writes, he had a few days of research found a way, space access to the remote Mac to get through this and so to start a terminal session.


Maddern complains, had difficulties in finding a competent contact person on Skype and then just get a standard e-mail to have been placed in him to take his actual message with the next update in sight. "That was over a month ago and so far no update is published," added the hackers.

A few hours later, Skype has his hand to a blog entry replied : Yes - already on 14 April had one problem with a hotfix eliminates, writes Adrian Asher, namely with Skype for Mac in version 5.1.0.922. This version , however, actually with a creation date on the 7th April. "Since no reports exist on the utilization of the gap, we have our users are not prompted to install this update." Only when the next week is scheduled for major update to the clients the user log on Macs and their owners to update beseech. Nevertheless, the company spokesman recommends the installation of the update that would go with the command "Check for Update ..." in the application itself

Discoverer Maddern describes - without details call - the security flaw as highly critical: A short message via Skype enough to retain control of the Mac be overshadowed. This was also realized in the form of a worm and then very dangerous. Skype itself from stirred, Who have not the default settings for privacy may appear blurred unsolicited, from people you do not receive such messages.

Skype users with Windows or Linux need to ensure this problem is also not the Mac users, the much leaner version 2.x are still using. Whether already the April update of the Mac version 5 really closes the gap or for the next week announced the first, remains open for the time being, Pure Hacking is silent on the details of the feasibility study. Affected users deal with the update will most likely be, and should the privacy settings for messages only from contacts in the contact list in permit.

2 comments:

Gaston said...

Wow, talk about negligence, freaking companies man. I hope someone loses their identity and finds out it was preventable so they can sue the company for the price of a division.

fit4life said...

what is going on in the corporations today!