Mac Skype hack exposed


Now that a patch is available, the organisation that found the Mac Skype vulnerability is openly discussing the issue.  We recommend users get the update quickly.

Recently, the team at Pure Hacking discovered a bug in the current Mac version of Skype.  In the interests of ethical disclosure, they reported the bug to Skype in detail and announced to the world only that they had discovered an issue.

Skype has now released an updated version with the issue addressed.  With that version now widely available, Pure Hacking has decided to discuss the issue in detail.

The bug is a persistent XSS (cross-site scripting) vulnerability that would allow an attacker to redirect a victim's Mac to any website of the attacker's choosing (which will almost certainly contain some kind of anti-social software!).

According to the statement by Gordon Maddern of Pure Hacking: "It is caused by Skype failing to sanitize a message before the client renders the message. It is persistent because it is stored in the user's chat history and the payload is re-executed every time the contact is clicked. It requires no user interaction and can be triggered just by sending a message. As far as we could tell there was no setting to prevent this. The following proof of concept demonstrates this:"


The success of this attack is up to the attacker's imagination. Some of the examples Pure Hacking tested were:

1) Using a browser exploit to execute shellcode
2) Using Metasploit's browser autopwn
3) Using SET to clone the skype.com website so the victim was redirected to what looked like the Skype website and running a malicious Java applet
4) Using BeEF to hook in a zombie
5) Using the JavaScript attack API

If readers use Skype on a Mac and haven't yet downloaded the latest version, iTWire suggests they do so immediately.
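The root cause described above is a client that stores incoming messages verbatim and renders them as markup. The following is an added illustration, not Skype's or Pure Hacking's code: a toy chat-history renderer in JavaScript with the unsafe render beside the fixed one, showing why escaping at render time also neutralises a payload that is already sitting in a stored history. All names (`ChatHistory`, `renderUnsafe`, `renderSafe`, `containsForeignMarkup`) and the sample messages are constructed for this example.

```javascript
// Added example (not Skype's code): models a chat client that stores
// incoming messages in history and re-renders them each time the contact
// is opened. The vulnerable renderer splices raw message text into HTML;
// the fixed renderer escapes it at render time, which also neutralises
// payloads already stored in history before the fix was applied.

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

class ChatHistory {
  constructor() { this.messages = []; }
  receive(from, body) { this.messages.push({ from, body }); }  // stored as received
}

// Vulnerable: the message body is treated as markup, so any tag in the
// message becomes part of the rendered DOM every time history is shown.
function renderUnsafe(history) {
  return history.messages
    .map((m) => `<div class="msg"><b>${m.from}</b>: ${m.body}</div>`)
    .join("\n");
}

// Fixed: sender and body are escaped before being placed in the markup.
function renderSafe(history) {
  return history.messages
    .map((m) => `<div class="msg"><b>${escapeHtml(m.from)}</b>: ${escapeHtml(m.body)}</div>`)
    .join("\n");
}

// Regression check: after stripping the tags the renderer itself emits,
// no other tag may remain in the output.
function containsForeignMarkup(html) {
  const allowed = /<\/?(div class="msg"|div|b)>/g;
  return /<[^>]+>/.test(html.replace(allowed, ""));
}

// Constructed sample history: one benign message and one carrying a script tag.
function demo() {
  const history = new ChatHistory();
  history.receive("alice", "hi there");
  history.receive("mallory", '<script>document.location="http://example.invalid/"</script>');
  return {
    unsafe: containsForeignMarkup(renderUnsafe(history)),  // true: payload re-rendered as markup
    safe: containsForeignMarkup(renderSafe(history)),      // false: payload shown as text
  };
}
```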

David Heath


David Heath has over 25 years experience in the IT industry, specializing particularly in customer support, security and computer networking. Heath has worked previously as head of IT for The Television Shopping Network, as the network and desktop manager for Armstrong Jones (a major funds management organization) and has consulted into various Australian federal government agencies (including the Department of Immigration and the Australian Bureau of Criminal Intelligence). He has also served on various state, national and international committees for Novell Users International; he was also the organising chairman for the 1994 Novell Users' Conference in Brisbane. Heath is currently employed as an Instructional Designer, building technical training courses for industrial process control systems.