Critical hole in Skype for Mac
Skype is warning Mac users of a critical security hole in its VoIP software. According to a security bulletin from the eBay-owned company, an attacker may be able to inject their own code through a so-called format string vulnerability in the Skype for Mac software. The code then executes in the user's context if the victim clicks on a malformed Skype URL, for instance in an e-mail or on a Web site. According to Skype, a successful attack depends on several factors; in many cases the client may just crash.
The problem is caused by the way some arguments to a function that initialises the alarm panel are handled. Affected versions are Skype for Mac on the PPC platform, all releases up to and including 1.5.*.79. Mac systems on Intel platforms are not vulnerable, since there is no Skype version for these platforms. According to Skype, the bug has been fixed in version 1.5.*.80.
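The bug class described above, as an added C example that is not Skype's code or part of the original report: a URI-supplied string used as the format argument of a panel function, next to the hardened call and a simple directive check. The names `panel_render`, `show_panel_unsafe`, `show_panel_safe` and `count_format_directives` are hypothetical, and the sample strings are constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a variadic "show panel" API: the message
   argument is a printf-style format string. */
static int panel_render(char *out, size_t n, const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

/* Vulnerable pattern: the URI-supplied text is used as the format itself,
   so any conversion directive in it reads arguments that were never passed. */
int show_panel_unsafe(char *out, size_t n, const char *uri_arg) {
    return panel_render(out, n, uri_arg);
}

/* Hardened pattern: constant format, untrusted text passed only as data. */
int show_panel_safe(char *out, size_t n, const char *uri_arg) {
    return panel_render(out, n, "%s", uri_arg);
}

/* Detection aid: count conversion directives in untrusted text.
   "%%" is a literal percent sign and is not counted. */
int count_format_directives(const char *s) {
    int count = 0;
    for (size_t i = 0; s[i] != '\0'; i++) {
        if (s[i] != '%') continue;
        if (s[i + 1] == '%') { i++; continue; }
        count++;
    }
    return count;
}

int main(void) {
    /* Constructed sample arguments, not taken from the advisory. */
    const char *samples[] = { "echo123", "100%% sure", "name %x %s" };
    char buf[64];
    for (size_t i = 0; i < 3; i++) {
        show_panel_safe(buf, sizeof buf, samples[i]);
        printf("%-12s directives=%d rendered=\"%s\"\n", samples[i],
               count_format_directives(samples[i]), buf);
    }
    return 0;
}
```

Even the harmless input `100%% sure` shows the difference: the unsafe call interprets it and renders `100% sure`, while the safe call reproduces the text byte for byte.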
Tom Ferris, who discovered the bug, says that he found the flaw in less than five minutes using a fuzzing tool. In his blog he reports having found several interesting bugs and having informed Skype accordingly. It is not clear how many holes in the Skype for Mac software are still open. For the one hole disclosed, Ferris has provided a Flash demo video on his pages. So far, no exploits have been published. Ferris has also announced that he intends to publish detailed information on holes in Windows Media Player 11.
- SKYPE-SB/2006-002: Improper handling of URI arguments, Skype security bulletin
- Fun with Skype on OSX..., alert posted by Tom Ferris