Skype For Mac Flaw Gives Hackers Root Access

An Australian-based security consultant, Gordon Maddern, discovered a major flaw in Skype for Mac that could give hackers complete access to your Mac. The attack is as simple as the attacker sending you a message with an attachment in and instant message to gain total control.

The flaw was found in the current version of Skype for Mac and was discovered accidentally while Gordon Maddern was chatting with a colleague.

Gordon Maddern told The Register about his discovery.

About a month ago I was chatting on Skype to a colleague about a payload for one of our clients. Completely by accident, my payload executed in my colleagues Skype client. So I decided to test another mac and sent the payload to my girlfriend. She wasn’t too happy with me as it also left her Skype unusable for several days.

To prove his point he wrote a proof-of-concept attack that allowed him to gain remote access to the shell on a targeted Mac. The payload that he used is sent in an instant message, because of this the affected Mac can be used to spread and infect other computers.

The original posting about the flaw was on his blog, Pure Hacking and in it he says he notified Skype about this issue. The only response he got back was the canned thank you and that they were “aware of this issue and will be addressing it in the next hotfix.”

This issue has been in the making for a month at the time of the posting, and has yet to be fixed. The specifics of the attack isn’t revealed and it is unclear of there needs to be any user interaction to activate the flaw.

As of this posting Skype hasn’t done anything about this huge issue, and the program is still open to attack.