XSS bug in Skype for iPhone, iPad allows address book theft


Summary: A security researcher has created proof-of-concept code showing that a user's AddressBook can be stolen from an iPhone or iPad.


The XSS bug affects the latest version of Skype for iOS and works as follows:

A Cross-Site Scripting vulnerability exists in the "Chat Message" window in Skype 3.0.1 and earlier versions for iPhone and iPod Touch devices. Skype uses a locally stored HTML file to display chat messages from other Skype users, but it fails to properly encode the incoming user's "Full Name", allowing an attacker to craft malicious JavaScript code that runs when the victim views the message.
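The encoding failure described above, as an added example that is not code from the article, the researcher, or Skype: a chat-message HTML fragment is built with the sender's display name first unencoded and then HTML-encoded. The function names, the template, and the sample names are hypothetical, and the message body is assumed to be encoded already.

```javascript
// Added illustration: hypothetical template and names, not Skype's code.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode text for HTML element content and for quoted attribute values.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the remote user's "Full Name" is concatenated as markup.
// (Assumption: the body is encoded; the page only names the Full Name field.)
function renderMessageUnsafe(fullName, body) {
  return '<div class="msg"><span class="sender" title="' + fullName + '">' +
    fullName + '</span><p>' + escapeHtml(body) + '</p></div>';
}

// Hardened pattern: every remote-controlled field is encoded before it is
// placed into the HTML that the chat view loads.
function renderMessageSafe(fullName, body) {
  const name = escapeHtml(fullName);
  return '<div class="msg"><span class="sender" title="' + name + '">' +
    name + '</span><p>' + escapeHtml(body) + '</p></div>';
}

// Constructed sample display names, as a remote user could set them.
const SAMPLE_NAMES = [
  "Alice O'Neil",
  'Mallory <script>/* sender-supplied code would run here */</script>',
  'Eve" onmouseover="/* sender-supplied handler */',
];

// Render each sample both ways so the difference can be compared.
function demo() {
  return SAMPLE_NAMES.map((name) => ({
    name,
    unsafe: renderMessageUnsafe(name, 'hi'),
    safe: renderMessageSafe(name, 'hi'),
  }));
}

console.log(JSON.stringify(demo(), null, 2));
```

In a WebView-based chat view, assigning the name through `textContent` instead of building markup strings gives the same protection at the DOM level.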

The researcher informed Skype of the issue on 24 August, and was told that an update to fix it would be released early in September.

Watch a video demonstration of the XSS bug in action.


Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.


Talkback

  • RE: XSS bug in Skype for iPhone, iPad allows address book theft

    If that isn't enough of a reason to abandon Skype, I do not know what is. Being this is targeted at iOS devices, and Skype is being sold to a competitor (with very low moral values). Is it really any wonder why these bugs are suddenly showing up?
    Rick_Kl