The Skype client for Apple Mac computers has a security flaw that allows an attacker to gain remote control of a victim’s Mac. Skype has quietly released an on-demand update for the bug last month and will push out a larger update next week that will also include the fix. Users using Skype 5 do an update now!
Last month, we were contacted by Pure Hacking, a group of ethical hackers in Australia, who reported what they believed to be a zero-day vulnerability in Skype for Mac 5.x. This vulnerability, which they blogged about earlier today, is related to a situation when a malicious contact would send a specifically crafted message that could cause Skype for Mac to crash. Note, this message would have to come from someone already in your Skype Contact List, as Skype’s default privacy settings will not let you receive messages from people that you have not already authorized, hence the term malicious contact.
At the time they alerted us, we were already aware of the issue and were working on a fix to protect Skype users from this vulnerability, as we take our users’ security very seriously. We subsequently released a hotfix for this problem in a minor update (Skype for Mac version 126.96.36.1992) on April 14th. As there were no reports of this vulnerability being exploited in the wild, we did not prompt our users to install this update, as there is another update in the pipeline that will be sent out early next week.
Apple has previously posted a memo from Steve Jobs regarding Flash. In a nutshell, the Apple CEO says Flash is unreliability, insecure and has low performance. And he did not want developers to use Flash tools to develop sub-standard iPhone, iPad apps.
Now Adobe finally revealed that there is a critical flaw in Flash. The critical vulnerability could let attackers take control of people’s computers. No official patch to fix the problem yet.
Apparently Google also hates flash. From SFGate: Google, at the end of the day, also hates Flash. Running an all flash environment is SEO death. Flash websites are simply too complicated for Google’s spiders to actually understand. Google sees the internet primarily in text – flash, and other scripts are ignored.
Will we see the end of Flash soon? We think so, just like DOS, floppy disks and cassette tapes.