Fix Skype 0day Vulnerability: Patch for Mac Client Available

Saturday, May 7, 2011

Fix Skype 0day vulnerability: Patch for Mac Client Available

Last night we post an article Skype 0day vulnerability: Skype bug gives root access to Mac OS X: Discovered by Pure Hacking. Extremely wormable and dangerous. Mac users running Skype are vulnerable to self-propagating exploits that allow an attacker to gain unfettered system access by sending a specially manipulated attachment in an instant message.

In response to it, today morning SKYPE announces that the patch was available since April 14th, despite users not being automatically notified. Skype announces that a patch for a vulnerability in its Mac client that could be used to remotely execute code has been available since April 14th, despite users not being automatically notified.

On the company's blog, Skype's Adrian Asher, claims that a hotfix (Skype for Mac version 5.1.0.922) has been available since April 14th, but that users haven't been automatically prompted to update.

"As there were no reports of this vulnerability being exploited in the wild, we did not prompt our users to install this update, as there is another update in the pipeline that will be sent out early next week," he explains. Users interested in deploying the patch need to manually click on Skype and then Check for Updates inside the program. Asher doesn't mention anything about remote code execution as a risk. He refers to the flaw's impact as a crash. This is not incorrect, as crashes can be exploitable, but it is somewhat misleading, as it suggests a simple denial of service condition.

Learn How To Hack! Learn Ethical Hacking and Download Free Hacking Tools

Receive Daily Updates

Saturday, May 7, 2011

Fix Skype 0day Vulnerability: Patch for Mac Client Available

0 Visitor Reactions & Comments: