A recently discovered zero-day bug in the Mac version of Skype allows hackers to gain control of the user's system by sending a malicious instant message.
According to Australian security consultancy company Pure Hacking, the vulnerability in Skype is dangerous and would allow anyone with the know-how to gain control of a Mac by simply sending a malicious instant message.
In a blog post, Gordon Maddern of Pure Hacking explained that he first discovered the bug when he sent a client’s payload to his colleague on Skype.
He later confirmed his suspicions by crafting a proof-of-concept malicious pay-load and testing it on Skype.
“The long and the short of it is that an attacker needs only to send a victim a message and they can gain remote control of the victims Mac. It is extremely wormable and dangerous,” he wrote on the blog.
Maddern informed the Skype security team about the vulnerability about a month ago. At that time, the company sent a curt reply informing that it was aware of the issue and would release a patch for it soon.
A month later, Maddern decided to inform the public about the vulnerability, although he withheld some key details until a patch could be released.
A few hours after the story began to spread, Skype released a patch which the company claims completely fixes the vulnerability.