Following on from last week’s discovery within Skype for Mac of a critical security flaw, which allowed instant messages to be used to gain remote access to another Mac machine, Skype has today rolled out an update to fix this critical security issue.
Apparently, the fix had been created by Skype and was ready to roll out on April 14th. However, it was held back by Skype because there were no reports of the security issue being active. Luckily, the method used to control another Mac via an instant message could only be received by default from people you already ‘trust’ within Skype.
As of today, there’s a new hotfix (5.1.0.935) that is being provided for all Skype 5 users; it closes the security holes and also fixes a few bugs, including video issues on high-bandwidth networks. Skype recommends that all users update to the new build.
Understanding the Security Flaw
The security flaw in question was particularly concerning because it allowed malicious actors to gain remote access to a Mac simply through an instant message. This type of vulnerability is known as a remote code execution (RCE) flaw. RCE vulnerabilities are among the most dangerous because they allow attackers to execute arbitrary code on a victim’s machine, potentially leading to data theft, system compromise, or further network infiltration.
In this case, the flaw was somewhat mitigated by the fact that it could only be exploited by contacts already trusted within Skype. This means that an attacker would need to be on the victim’s contact list, reducing the likelihood of widespread exploitation. However, the potential for abuse was still significant, especially in scenarios where an attacker could gain the trust of a victim or if a trusted contact’s account was compromised.
Importance of Timely Updates
The delay in rolling out the fix, despite its readiness, highlights a critical aspect of cybersecurity: the importance of timely updates. While Skype’s decision to hold back the update due to a lack of active exploitation reports might seem reasonable, it also underscores the risks associated with delayed patching. Cybersecurity experts often stress that vulnerabilities should be patched as soon as possible to minimize the window of opportunity for attackers.
In this instance, the delay did not result in any known exploitation, but it serves as a reminder of the delicate balance between operational considerations and security imperatives. Users are encouraged to always keep their software up to date to protect against known vulnerabilities.
The new hotfix (5.1.0.935) not only addresses the critical security flaw but also resolves several other issues. For instance, users had reported problems with video calls on high-bandwidth networks, which have now been fixed. This update aims to enhance the overall user experience by improving stability and performance.
To update Skype, users can simply go to the Skype menu and select “Check for Updates.” If an update is available, it will be downloaded and installed automatically. Keeping software up to date is one of the simplest yet most effective ways to protect against security threats.
In conclusion, while the discovery of the security flaw in Skype for Mac was alarming, the swift action taken by Skype to address the issue is commendable. This incident serves as a reminder of the importance of cybersecurity vigilance and the need for users to regularly update their software to stay protected against emerging threats.
Source: Skype
Latest Geeky Gadgets Deals
Disclosure: Some of our articles include affiliate links. If you buy something through one of these links, Geeky Gadgets may earn an affiliate commission. Learn about our Disclosure Policy.
