Writing on the blog of security firm Pure Hacking, researcher Gordon Maddern said on Friday that the vulnerability means "an attacker needs only to send a victim a message [through Skype] and they can gain remote control of the victim's Mac". He added that the exploit was "extremely wormable and dangerous".
According to Maddern, he notified the VoIP company about the vulnerability more than a month ago, only to get a standard response reading: "Thank you for showing an interest in Skype security. We are aware of this issue and will be addressing it in the next hotfix". A fix has still not been released in the intervening period, he said.
"Pure Hacking won't give specifics on how to perform this attack until a patch from Skype is released," Maddern wrote. "However, we will give a full disclosure after Skype takes action or a reasonable responsible disclosure time."
According to Maddern, Skype's Windows and Linux clients are not vulnerable to the attack.
UPDATE (5:13pm): Skype has just sent ZDNet UK a statement promising a fix next week. The statement reads: "We are aware of this and will release a fix early next week to resolve the issue. We take our users privacy very seriously and are working quickly to protect Skype users from this vulnerability."
LINK TO OUR HOME PAGE :