iPhone Skype vulnerability allows address book content theft

Sep 20, 2011
1

iPhone users need to pay attention to this vulnerability in the iOS version of Skype that has been discovered. Apparently, the vulnerability allows for the theft of all your address book content as easily as sending you a chat message. The way the attack works is that the person sending you a chat message would enter Javascript commands into the user name of the Skype account.

Then when the chat message hits the user on the other end, when that user is on the latest version of Skype, it loads a program onto a web server and the address book contacts are swiped. Apparently, two things at work allow the attack to be executed in the new version of Skype for iOS.

Skype hasn’t taken any steps to prevent Javascript from being executed when sent in the form of chat messages. The other issue is that the iOS operating system leaves the contact book accessible to any program. It seems that the answer to this issue may require fixes from both ends. Check out the video below to see the hack in action, and beware chat messages on Skype.

[via Apple Headlines]


Must Read Bits & Bytes