Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Unpatched Exploit: Skype for MAC SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Unpatched Exploit: Skype for MAC

According to a Pure Hacking Blog Entry = http : //www.purehacking.com/blogs/gordon-maddern/skype-0day-vulnerabilitiy-discovered-by-pure-hacking and The Register UK = http : //www.theregister.co.uk/2011/05/06/skype_for_mac_critical_vulnerability/

There is a 0 Day exploit that exists for Skype on MAC. Windows and Linux are unaffected. Some best practices for Skype include setting your messages to only allow from Contacts. This does not protect you from infected contacts but it might help.

Please take measures to protect yourself. We are not aware of this being exploited in the wild and as most of us might use the operating system affected, we are both personally and professionally interested.

 

 

Richard Porter

--- ISC Handler on Duty

 

Richard

168 Posts
ISC Handler
May 6th 2011
The patched version is available, although not yet pushed to clients - 5.1.0.922. Use:
Skype -> Check for Updates...
Ken

40 Posts
A MAC is a unique identifier for a network device, not the name of a computer.
Ken
1 Posts
Put up a nice little writeup about this this morning out at http: //www.h-online.com/security/news/item/Confusion-over-Skype-for-Mac-security-issue-1239842.html. Shows the confusion between the individual that found the exploit and Skype.
Dean

135 Posts
Reports are that Microsoft is going to buy Skype. The Apple problem just sorted itself out. LOL
Dean

135 Posts

Sign Up for Free or Log In to start participating in the conversation!