Skype zero day bug opens Mac security can of worms

Macs are completely vulnerable to a zero day flaw which allows hackers to gain control of the user’s system using the message system in Skype.

Aussie insecurity outfit Pure Hacking has told AP that the vulnerability in Skype was dangerous.

Apparently the Mac’s faith-based security implodes if someone sends it a malicious instant message.

Writing in his bog Gordon Maddern, wrote that he first discovered the bug when he sent a client’s payload to his colleague on Skype.

Later he wrote a proof-of-concept malicious pay-load and tested it on Skype.

An attacker needs only to send a victim a message and they can gain remote control of the victim’s Mac. It could be designed to link to a worm and turn the mac into a zombie network.  Well, at least,  a different one from iTunes.

Maddern told Skype about the vulnerability about a month ago and got a reply informing that it was aware of the problem and would release a patch for it soon.

After a month Maddern decided to tell peoplec about the vulnerability. He said he had withheld a few details so hackers could not write much code based around the flaw.

Skype released a patch in a few days which the outfit claims completely fixes the vulnerability.

Although Zero day bugs exist on other computer systems, cracking open a Mac by sending a message on Skype seems to be a bit easy.

Still Apple users are usually secure in the fact that there is not enough of them for a hacker to be interested, and after all, who will want to copy a Mac User’s Coldplay collection?