Microsoft has patched a critical security vulnerability which allows computer hackers to harvest all kinds of sensitive data from their targets.
Skype Had a Dangerous Backdoor
One of the most popular video chatting and messenger apps Skype was featured with a very dangerous security issue. Microsoft has alerted that they have fixed a problem that allowed computer criminals to carry out dangerous remote data harvesting and manipulate malicious activities.
The backdoor provides access to all of these actions without any form of authentication on the Skype OS X version and according to the security experts it has been active since at least 2010. It is likely that this has been made intentionally by a developer at Skype before the company was acquired by Microsoft. The estimate number of exposed machines number around 30 million Mac OS X users.
By definition this is a local exploit in the Skype Desktop API that gives any program, including all types of malware, unauthenticated access to the API. This interface has already been discontinued and is being slowly phased out in all versions of the program across the supported platforms. The backdoor has been made to allow older versions that use the Skype Dashboard Widget plugin to access the Desktop API without any user interaction. This is the most likely reason as the Desktop API has a connection for a client named ” Skype Dashb Wdgt Plugin”. This widget is a small program that runs on the Dashboard of the OS X operating system and is designed to let the users make Skype calls from it by entering a number.
The researchers note that there is no clear indication that the widget has used the backdoor. This fact makes it possible that the code has been left as an accident while the widget has being implemented in the program. The backdoor allows easy access to use it. A simple change in a client application name to the plugin allows the immediate connection. This makes it very easy to install various types of malware.
The remote attacker can use the vulnerability to both extract sensitive data and also take control of the program. All manners of communication including instant messages, contact lists, conversations can easily be harvested by the hackers.
The issue has been patched in the latest versions of Skype for Mac OS X by Microsoft.
