Gordon Maddern of Australian security consultancy Pure Hacking blogged on Friday about extremely dangerous vulnerability in Skype: "The long and the short of it is that an attacker needs only to send a victim a message and they can gain remote control of the victim's Mac … It is extremely wormable and dangerous".
The vulnerability isn't present in the Windows or Linux versions of the popular VoIP program, was confirmed by Skype spokeswoman Brianna Reynaud, who said a fix will be rolled out next week. Its disclosure comes the same week that researchers discovered a new crimekit that streamlines the production of Mac-based malware. It also comes as new malware surfaced for Apple's OS X that masquerades as a legitimate antivirus program.
"At the time they alerted us, we were already aware of the issue and were working on a fix to protect Skype users from this vulnerability, as we take our users' security very seriously. We subsequently released a hotfix for this problem in a minor update (Skype for Mac version 5.1.0.922) on April 14th.", is written in the official Skype blog.
"As there were no reports of this vulnerability being exploited in the wild, we did not prompt our users to install this update, as there is another update in the pipeline that will be sent out early next week", Skype's Adrian Asher wrote.
It is unfortunate, that many companies consider hiding information about security vulnerabilities in their software and even threatening security researchers who are willing to disclose it.
