Since the start of April there has been a serious security problem in the Skype for Mac client which could allow an attacker to remotely get access to a shell. Skype released a fix in the middle of April but did not push out an update notification as it believed the problem was not being exploited.

The problem was identified by Gordon Maddern of Pure Hacking who, in a blog entry, explained how he had discovered the problem by accident while exchanging payload files with a colleague. Upon investigation, he found the problem only affected the Mac version of Skype and, with some work, was able to put together an exploit which allowed him to remotely gain access to a shell.

After some trouble finding out who to notify, Maddern eventually got in contact with the Skype security team and was told 'we are aware of this issue and will be addressing it in the next hotfix'. He decided to go public on the issue since it was over a month since he had informed them and no fix had apparently been released.

'An attacker needs only to send a victim a message and they can gain remote control of a victim's Mac', said Maddern, adding that 'it is extremely wormable and dangerous'. Pure Hacking did not release further details of the issue.