Don't attack people!
Don't respond to the Anti-Apple Thread Trolls!
PLEASE IGNORE THEM!!!
Apple Security Alert Ping!
If you want on or off the Mac Ping List, Freepmail me.
Posted on 05/06/2011 4:33:50 PM PDT by Swordmaker
If you want on or off the Mac Ping List, Freepmail me.
It remotely gives shell access.What are the limitations of "shell access?"
Not much limitation... user access. So don't run as administrator. This is not good.
Why is Skype running data in an executable area??? That is stupid and unforgivable!
Better idea... don’t run Skype...
I am actually amazed Skype could even do that. I find Apple products usually are not as loose as that.
***So don’t run as administrator. This is not good.***
So what do you do if you’re an only user and have to be administrator?
The update says:
“...a hotfix for the vulnerability was released in mid April.
‘As there were no reports of this vulnerability being exploited in the wild, we did not prompt our users to install this update, as there is another update in the pipeline that will be sent out early next week,’ Skype’s Adrian Asher wrote.
He added:
This vulnerability, which they blogged about earlier today, is related to a situation when a malicious contact would send a specifically crafted message that could cause Skype for Mac to crash. Note, this message would have to come from someone already in your Skype Contact List, as Skype’s default privacy settings will not let you receive messages from people that you have not already authorized, hence the term malicious contact.”
All I can find - that it messes up skype on the “affected computer”? So - “self-propagating” means that a user has to manually send it to another user? I guess I don’t understand...
Also - this is a problem with Skype’s code, not Apple’s... Yes?
Why would you skype when you can facetime?
You don't have to be the administrator even if you are the only user. Go into system preferences, select Accounts, create a new administrator user (give it an imaginary, difficult but memorable name such as "Senat0rF0gh0rnLegh0rn" [those are zeros where the 'Os' are, just don't use "Admin"!], and a hardened password that you won't forget), make that account an administrator. Turn on Fast User Switching in Login Options (that's at the bottom of the user list)... with the Name option selected. I'd turn off Automatic login. Now Log Off your account. Log into the new Administrator. Change your usual account to Standard User. Lock the Accounts Pane by clicking on the padlock in the lower left corner. Log Off the new Administrator account...
Log back into your usual account and continue your usual operations. You can still add software and install stuff, but you will have to provide the new Administrator name and password when you need to do that... a much safer way of operating. You can always switch to the Administrator for long jobs requiring administration by clicking on your name on the upper right of the menu bar and selecting the Admin account... and logging on. Always remember to log off the Admin account when not using it.
It's my understanding that this affects Skype 5, the latest version. The older versions are not affected. Still, very stupid on Skype's part.
Well that sucks, I just loaded it to see my grandsons who are in Germany with their dad who is stationed there.
Unless I'm missing something, shell access (SSH) would have to have been previously enabled on the target Mac.
Sigh... Adding insult to injury. I'm a Mac and Skype user and I hate the latest version of Skype! Unfortunately, I'm not the most computer-literate person in the world (hence my preference for Macs) and I need to figure out how to ditch this current "upgrade" of Skype and bring back my old version.
I really, really hate the latest Skype upgrade! Did I mention that I really hate this latest version of Skype?
Yes, but Apple should prohibit the access that Skype is using...
Most likely true... and unless you have activated ROOT not too dangerous.
Uh, no, would you care to repeat that?
Do you still have the old installation file for Skype in the Downloads folder (or possibly in the Trash folder)? If so you can go to the Applications folder and drag Skype to the Trash. Then click on the old installation file to install the old version.
Unless I've been stupid and changed that default, I wouldn't put too much store by that - I've had some spam in Skype messenger.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.