Skip to main content

Security flaw in Skype for Mac fixed, users told to update

Attention all Mac owners who use Skype. A flaw has been identified in Skype 5 that enables an attacker to gain remote control of a Mac computer running the software.

Gordon Maddern, a member of a group of ethical hackers based in Australia that goes by the name of Pure Hacking, wrote in a blog post on Friday that he had identified the security flaw last month. “The long and the short of it is that an attacker needs only to send a victim a message and they can gain remote control of the victim’s Mac,” Maddern said.

Recommended Videos

Describing the flaw as “extremely wormable and dangerous,” Maddern contacted Skype to inform them of the issue and heard nothing back – until today. A short time after his post appeared on Pure Hacking’s blog, Skype posted a response on its own website in order to reassure users.

Adrian Asher, Skype‘s chief information security officer, confirmed that the company was indeed contacted by Maddern last month. Asher explained in the post that the issue was “related to a situation when a malicious contact would send a specifically crafted message that could cause Skype for Mac to crash. Note, this message would have to come from someone already in your Skype Contact List, as Skype’s default privacy settings will not let you receive messages from people that you have not already authorized.”

In the post, Asher claims that they were already working on a fix when they heard from Pure Hacking, and as a result the Luxembourg-based company issued a hotfix (Skype for Mac version 5.1.0.922) on April 14. This update, however, was not pushed to Skype users “as there were no reports of this vulnerability being exploited in the wild.”

Asher goes on to announce that a new update, which will include the hotfix along with a number of other bug fixes, will be sent out next week. This update, however, will prompt users to install it. Asher’s post ends by recommending that users make sure they are running the latest version of Skype (with the April 14 fix). Mac users can check now by clicking here. Skype users with Windows and Linux are not susceptible to the vulnerability.

Founded in 2003, the company’s hugely popular VoIP application can have around 23 million users logged in and chatting at any one time. Recent reports have suggested that the company is in talks with both Google and Facebook regarding a possible joint venture or acquisition.

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
The best Mac security tips: 7 mistakes you’re making, and how to fix them
A MacBook Pro 13-inch sits partially open on a table.

While Macs are generally more secure than their Windows cousins, that does not mean they are totally invulnerable. In fact, the extra security you get with a Mac could mean you do not take as much care with your private data as you should, thus inadvertently putting yourself at risk.

To help combat that, we have put together a guide to tightening up your Mac security. Even if you consider yourself a privacy aficionado, the chances are you could be making at least one of these mistakes. If you want to strengthen your Mac security and keep your private data safe, read on to see how you can fix things up for good.
Install a robust antivirus app

Read more
Microsoft contractors reviewed Skype, Cortana audio with ‘no security measures’
skype disappears from app stores china quito  ecuador august 3 2015 white smartphone closeup lying next to silver pen and wal

Microsoft contractors reportedly reviewed recordings from Skype and Cortana with "no security measures" in place, compromising the security of the apps' users.

The Guardian reported the security risk from an interview with a former contractor, who said that he used his personal laptop while working on the project over a span of two years from his home in Beijing.

Read more
Black Friday’s best PC hardware deal is still live, and you’re sleeping on it
The Ryzen 5 7600X sitting among thermal paste and RAM.

I'm not mad, just disappointed. A couple of weeks ago, I covered the insane deal that essentially allowed you to score a Ryzen 5 7600X -- still one of the best processors you can buy -- for just $105. At the time, I thought, surely, this will sell out in a matter of hours. Who would pass up on a deal this good? And yet, two weeks later to the day, the craziest deal I've seen during all of Black Friday and Cyber Monday is still live on Newegg.

Let me break down the deal again. You can get the Ryzen 5 7600X for $225, which is not a good price. However, you can get an additional $30 off by using promo code DLCDZ342, bringing the price down to $195. The kicker is that you also get a free Team Group MP44L 1TB PCIe 4.0 SSD. That's a $90 hard drive that Newegg is just throwing in with a CPU that's already available for a decent price. The fact that the deal is still live suggests either Newegg has a ton of inventory, or not enough people know about this sale.

Read more