Skip to main content

Security flaw in Skype for Mac fixed, users told to update

Attention all Mac owners who use Skype. A flaw has been identified in Skype 5 that enables an attacker to gain remote control of a Mac computer running the software.

Gordon Maddern, a member of a group of ethical hackers based in Australia that goes by the name of Pure Hacking, wrote in a blog post on Friday that he had identified the security flaw last month. “The long and the short of it is that an attacker needs only to send a victim a message and they can gain remote control of the victim’s Mac,” Maddern said.

Describing the flaw as “extremely wormable and dangerous,” Maddern contacted Skype to inform them of the issue and heard nothing back – until today. A short time after his post appeared on Pure Hacking’s blog, Skype posted a response on its own website in order to reassure users.

Adrian Asher, Skype‘s chief information security officer, confirmed that the company was indeed contacted by Maddern last month. Asher explained in the post that the issue was “related to a situation when a malicious contact would send a specifically crafted message that could cause Skype for Mac to crash. Note, this message would have to come from someone already in your Skype Contact List, as Skype’s default privacy settings will not let you receive messages from people that you have not already authorized.”

In the post, Asher claims that they were already working on a fix when they heard from Pure Hacking, and as a result the Luxembourg-based company issued a hotfix (Skype for Mac version on April 14. This update, however, was not pushed to Skype users “as there were no reports of this vulnerability being exploited in the wild.”

Asher goes on to announce that a new update, which will include the hotfix along with a number of other bug fixes, will be sent out next week. This update, however, will prompt users to install it. Asher’s post ends by recommending that users make sure they are running the latest version of Skype (with the April 14 fix). Mac users can check now by clicking here. Skype users with Windows and Linux are not susceptible to the vulnerability.

Founded in 2003, the company’s hugely popular VoIP application can have around 23 million users logged in and chatting at any one time. Recent reports have suggested that the company is in talks with both Google and Facebook regarding a possible joint venture or acquisition.

Editors' Recommendations

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
The best Mac security tips: 7 mistakes you’re making, and how to fix them
A MacBook Pro 13-inch sits partially open on a table.

While Macs are generally more secure than their Windows cousins, that does not mean they are totally invulnerable. In fact, the extra security you get with a Mac could mean you do not take as much care with your private data as you should, thus inadvertently putting yourself at risk.

To help combat that, we have put together a guide to tightening up your Mac security. Even if you consider yourself a privacy aficionado, the chances are you could be making at least one of these mistakes. If you want to strengthen your Mac security and keep your private data safe, read on to see how you can fix things up for good.
Install a robust antivirus app

Read more
Microsoft contractors reviewed Skype, Cortana audio with ‘no security measures’
skype disappears from app stores china quito  ecuador august 3 2015 white smartphone closeup lying next to silver pen and wal

Microsoft contractors reportedly reviewed recordings from Skype and Cortana with "no security measures" in place, compromising the security of the apps' users.

The Guardian reported the security risk from an interview with a former contractor, who said that he used his personal laptop while working on the project over a span of two years from his home in Beijing.

Read more
Your Lenovo laptop may have a serious security flaw
Lenovo laptop on desk

Users of older Lenovo laptops should beware of a security flaw that may affect their PCs, particularly if their laptops are still running a program called Lenovo Solution Center.

According to Laptop Magazine, security researchers at Pen Test Partners have discovered a security vulnerability that could effectively “hand admin privileges over to hackers or malware.” And since the flaw affects Lenovo laptops that came pre-installed with the Lenovo Solution Center program, millions of older Lenovo laptops could be affected by the flaw. This is because Lenovo laptops had the program installed for years, from 2011 all the way to November 2018.

Read more