Skip to main content

Security flaw in Skype for Mac fixed, users told to update

Attention all Mac owners who use Skype. A flaw has been identified in Skype 5 that enables an attacker to gain remote control of a Mac computer running the software.

Gordon Maddern, a member of a group of ethical hackers based in Australia that goes by the name of Pure Hacking, wrote in a blog post on Friday that he had identified the security flaw last month. “The long and the short of it is that an attacker needs only to send a victim a message and they can gain remote control of the victim’s Mac,” Maddern said.

Recommended Videos

Describing the flaw as “extremely wormable and dangerous,” Maddern contacted Skype to inform them of the issue and heard nothing back – until today. A short time after his post appeared on Pure Hacking’s blog, Skype posted a response on its own website in order to reassure users.

Adrian Asher, Skype‘s chief information security officer, confirmed that the company was indeed contacted by Maddern last month. Asher explained in the post that the issue was “related to a situation when a malicious contact would send a specifically crafted message that could cause Skype for Mac to crash. Note, this message would have to come from someone already in your Skype Contact List, as Skype’s default privacy settings will not let you receive messages from people that you have not already authorized.”

In the post, Asher claims that they were already working on a fix when they heard from Pure Hacking, and as a result the Luxembourg-based company issued a hotfix (Skype for Mac version 5.1.0.922) on April 14. This update, however, was not pushed to Skype users “as there were no reports of this vulnerability being exploited in the wild.”

Asher goes on to announce that a new update, which will include the hotfix along with a number of other bug fixes, will be sent out next week. This update, however, will prompt users to install it. Asher’s post ends by recommending that users make sure they are running the latest version of Skype (with the April 14 fix). Mac users can check now by clicking here. Skype users with Windows and Linux are not susceptible to the vulnerability.

Founded in 2003, the company’s hugely popular VoIP application can have around 23 million users logged in and chatting at any one time. Recent reports have suggested that the company is in talks with both Google and Facebook regarding a possible joint venture or acquisition.

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
The best Mac security tips: 7 mistakes you’re making, and how to fix them
A MacBook Pro 13-inch sits partially open on a table.

 

While Macs are generally more secure than their Windows cousins, that does not mean they are totally invulnerable. In fact, the extra security you get with a Mac could mean you do not take as much care with your private data as you should, thus inadvertently putting yourself at risk.

Read more
This compact HP Omen gaming PC is on sale at 39% off today
The HP Omen 16L gaming desktop sitting on a desk.

For those who want a proper gaming desktop but don't have enough space for a big and bulky machine, the HP Omen 16L could be what you need. You're in luck because it's on sale from the gaming PC deals of HP right now, with this configuration featuring the Nvidia GeForce RTX 3050 graphics card available at 39% off. You'll only have to pay $800 instead of its original price of $1,330, but you need to push through with your purchase immediately if you want to make sure you pocket the savings of $530.

Why you should buy the HP Omen 16L gaming PC

Read more
SpaceX’s Starlink rival is about to launch more internet satellites — here’s how to watch
Amazon's KA-01 mission for Project Kuiper gets underway from the Space Coast.

[UPDATE: A technical issue with the rocket has caused the launch to be postponed. We'll update this article with the new launch schedule just as soon as it becomes available.]

Amazon is preparing to launch its second batch of Project Kuiper internet satellites to orbit as it seeks to build out a constellation to take on SpaceX’s Starlink service.

Read more