Skype for Mac 5.x: Pure Hacking Discovered 0-day Vulnerability Addressed
Pure Hacking, a group of ethical hackers from Australia, uncovered a 0-day vulnerability that plagues version 5.x of Skype for Mac; the Windows and the Linux versions of Skype are not affected. Here are the details Pure Hacking released about this vulnerability: if someone in the Contact list sends you a specifically crafted message, your Skype for Mac would crash.
By default, Skype for Mac does not accept messages from people who are not in the Contacts list, which means someone who is not on the list could not exploit the vulnerability and crash Skype for Mac. The person trying to exploit this vulnerability would have to already be in the Contact list or trick the user into adding him to the list.
The group of ethical hackers contacted Skype to tell the company about the vulnerability. The good news is that when Pure Hacking contacted Skype, Skype was already aware of the vulnerability and was working on a fix. The even better news is that the vulnerability has been fixed in Skype for Mac version 5.1.0.922, an update that you will have to get manually (either by clicking Skype -> Check for updates or by downloading it straight from Skype here).
Skype explained that because it did not see any reports of the vulnerability being exploited in the wild, users will not be prompted to get Skype for Mac version 5.1.0.922. “As there were no reports of this vulnerability being exploited in the wild, we did not prompt our users to install this update, as there is another update in the pipeline that will be sent out early next week,” said Skype’s Chief Information Security Officer Adrian Asher on Friday, the 6th of May.
Asher went on to say that the update that is in the pipeline will contain additional big fixes and that when it will be rolled out, Skype for Mac users will be prompted to get the update.
Tags: Skype, Skype for Mac, Security
By default, Skype for Mac does not accept messages from people who are not in the Contacts list, which means someone who is not on the list could not exploit the vulnerability and crash Skype for Mac. The person trying to exploit this vulnerability would have to already be in the Contact list or trick the user into adding him to the list.
Advertising
The group of ethical hackers contacted Skype to tell the company about the vulnerability. The good news is that when Pure Hacking contacted Skype, Skype was already aware of the vulnerability and was working on a fix. The even better news is that the vulnerability has been fixed in Skype for Mac version 5.1.0.922, an update that you will have to get manually (either by clicking Skype -> Check for updates or by downloading it straight from Skype here).
Skype explained that because it did not see any reports of the vulnerability being exploited in the wild, users will not be prompted to get Skype for Mac version 5.1.0.922. “As there were no reports of this vulnerability being exploited in the wild, we did not prompt our users to install this update, as there is another update in the pipeline that will be sent out early next week,” said Skype’s Chief Information Security Officer Adrian Asher on Friday, the 6th of May.
Asher went on to say that the update that is in the pipeline will contain additional big fixes and that when it will be rolled out, Skype for Mac users will be prompted to get the update.
Tags: Skype, Skype for Mac, Security
I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 23 May 2013
Microsoft rolled out a new ad in which it uses Siri’s voice to highlight several things the iPad can’t do. This brings back memories of the famous “Get a Mac” ads that bashed Microsoft’s PCs.
By George Norman on 22 May 2013
The free 9GAG app for Android-powered devices has been updated to version 1.4 earlier this week. The update adds the option to upload posts to 9GAG from within the app.Related News
By George Norman on 10 Apr 2013
BitDefender recently rolled out an app that will protect your Android device: BitDefender Antivirus Free. The ad for the recently released app was designed by the guys 
By George Norman on 25 Mar 2013
It just goes to show you that no security solution is infallible. Kaspersky Lab announced that it uncovered malware on many PCs that already had a security solution in place – even on PCs protected by reputable security products.
By George Norman on 21 Jan 2013
Microsoft announced that it will retire its instant messaging client Windows Live Messenger on the 15th of March. Skype, the IM and VoIP client Microsoft purchased in 2011, will replace Live Messenger.
By George Norman on 11 Dec 2012
Just by answering a question you have the chance to win a Nexus 10 tablet, retail value $400, and a license for F-Secure Mobile Security 2013, retail value $60.Advertising
Hot Software Updates
Top Downloads
2.
Opera5.
Trillian8.
AIM9.
Skype10.
Ad-Aware12.
Nero13.
Google Earth14.
Picasa15.
Winamp16.
iTunes17.
RealPlayer18.
uTorrent19.
eMule20.
WinRAR21.
BitComet22.
WinZip23.
Shareaza24.
CCleaner25.
Recuva26.
Tweak UI27.
CuteFTP29.
Adobe Reader30.
NewsPiperBecome A Fan!
Link To Us!
Skype for Mac 5.x: Pure Hacking Discovered 0-day Vulnerability Addressed
HTML Linking Code
HTML Linking Code