Skype for Mac Vulnerability Lets Remote Users Control Your Computer
![Skype for Mac Vulnerability Lets Remote Users Control Your Computer [Hackers Can Gain Shell Access Through Unpatched Vulnerability in Skype for Mac; Don't Accept Messages From Strangers]](http://tftscdn.nexus404.com/Blog/thumbnailimages/alt/skype-on-a-macTFTSThumb220153.jpg)
A zero-day exploit in the Mac version of Skype allows remote users access to your computer just by sending a message. If you’re a Skype for Mac user, better be careful whom you talk with.
Skype for Mac version 5.x brings in new features, takes away others, and adds something unexpected–the ability to control a user’s computer just by sending a message. Gordon Maddern of Pure Hacking has discovered that he can control computers running Skype by sending a specific message with a “payload.”
Completely by accident, my payload executed in my collegues skype client … I decided to investigate a little further and found that the Windows and Linux clients were not vulnerable. It was only the Mac skype client that seemed to be affected … At this point I figured out what was needed to execute code. So I put together a proof of concept using metasploit and meterpreter as a payload. Low and behold I was able to remotely gain a shell.
Basically, your Skype client grants another user shell access to your computer when a certain message is received. So the best way to deal with this is to set your account to accept messages only from known correspondents, which is the default setting. Even then, you’re not assured that people in your address book will not use the exploit against your computer, though.
Maddern has not disclosed the exact contents of the message that will trigger the remote shell, but says he will publicize this when Skype has issued an update. Skype says it patched the exploit with a hotfix last April, but decided not to publicize the update yet, for three reasons: (1) another major update is underway; (2) the default setting is to accept only messages from known users; and (3) that the exploit is not widely known, anyway.
At the time they alerted us, we were already aware of the issue and were working on a fix to protect Skype users from this vulnerability, as we take our users’ security very seriously. We subsequently released a hotfix for this problem in a minor update (Skype for Mac version 5.1.0.922) on April 14th. As there were no reports of this vulnerability being exploited in the wild, we did not prompt our users to install this update, as there is another update in the pipeline that will be sent out early next week.
Still, if you’re worried about your security, better go ahead and upgrade Skype to 5.1.0.922.
Credit: Source.iOS Devs Can Access Photos & Videos on iPhone & iPad Almost Unrestricted Thanks to Unexpected Bug
New Report Details Unknown Xbox Vulnerability, User Sensitive Data at Risk?
Reports Of Early Tests With Skype For Windows Phone Reveal An Unexpected Flaw In The System Current Skype Users Will Likely Notice
New Amazon Windows App Lets Users Send & "Print" Documents Straight to Kindle Tablet or e-Reader
Breaking News
The TFTS Team
