Skype's dangerous exploit: What you need to know

Skype for Mac has a dangerous and wormable zero-day vulnerability

Security researchers revealed a dangerous vulnerability in Skype for Mac that can be exploited to create a worm capable of taking control of Mac PCs. This FAQ will help you understand the potential impact of the threat, and what you can do to protect your system.

What is the vulnerability? PureHacking, an Australian security research firm, published a blog post describing a vulnerability and proof-of-concept exploit affecting Skype for Mac.

What is the potential risk? The researchers at PureHacking and the developers at Skype seem to disagree on the scope of the threat. PureHacking claims to have developed a proof-of-concept exploit that allows the attacker to take complete control of the vulnerable Mac system, and states that the flaw is easily wormable and extremely dangerous.

Skype seems to believe the threat is much more limited. Skype explains that a message from a malicious contact could cause the Skype for Mac software to crash, and stresses that default privacy settings in Skype restrict the impact because you can only receive messages from your authorized list of contacts.

There is a pretty big difference between "limited threat that crashes the Skype client" and "dangerous worm that pwns Mac PCs". PureHacking may lean toward "sky is falling" for the sensationalism, while Skype has a motive for erring on the side of "no big deal". Let's assume the truth is somewhere in the middle.

Is my version of Skype affected? According to the Skype blog post, only Skype for Mac 5.x is affected. Earlier versions are not vulnerable to this exploit.

What about Skype on Windows or Linux? The flaw only exists in the Skype for Mac client. PureHacking investigated the issue on Skype for Windows and Skype for Linux, and found that the exploit does not work on those platforms.

Is this related to the Skype for Android app issue? No. The issue with the Skype for Android app was a configuration error by Skype that left a database containing sensitive data open and unencrypted. This vulnerability is a flaw that enables a specially-crafted Skype message to execute malicious code on the target Mac OS X system.

Should I be concerned? The risk of exploit is virtually nil for Mac OS X. Despite assertions by Apple loyalists that Mac OS X is simply more secure by default and virtually impervious to attack, the annual Pwn2Own contest and the proof-of-concept exploit developed by PureHacking for this threat demonstrate otherwise. That said, Mac OS X is still a drop in the bucket for PC market share, and malware developers have their attention focused on the big pool, so there is little risk of this being exploited in the wild any time soon.

Is there a fix? Skype claims to have been aware of the issue even before PureHacking brought it to its attention, and has already developed a hotfix which has been available since April 14. Skype has not pushed the hotfix, though, because it is not aware of this flaw being exploited in the wild. Next week, Skype will push an updated version of Skype for Mac 5.x which resolves the problem, and includes a variety of other tweaks and fixes as well.

What should I do? If you are really concerned, get the hotfix from Skype and apply it now. If you prefer, though, you can probably just wait until next week when Skype unleashes the updated version.

Tony Bradley

PC World (US online)