XSS bug in Skype for iPhone, iPad allows address book theft

A security researcher has created proof-of-concept code showing that a user's AddressBook can be stolen from an iPhone or iPad.
Written by Dancho Danchev, Contributor on

The XSS bug affects the latest version of Skype for iOS and works as follows:

A Cross-Site Scripting vulnerability exists in the "Chat Message" window in Skype 3.0.1 and earlier versions for iPhone and iPod Touch devices. Skype uses a locally stored HTML file to display chat messages from other Skype users, but it fails to properly encode the incoming user's "Full Name", allowing an attacker to craft malicious JavaScript code that runs when the victim views the message.
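The missing output encoding described above, shown beside a corrected renderer. This is an added example, not code from Skype or the researcher; the message template, the field names (`fullName`, `body`) and all function names are hypothetical, and the sample display name is constructed.

```javascript
// Added example: hypothetical chat-message renderer for an HTML-based chat view.

// Characters that are significant in HTML text and attribute contexts.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: sender-controlled fields are concatenated into markup,
// so markup in the sender's display name becomes part of the page.
function renderMessageUnsafe(msg) {
  return '<div class="msg"><span class="name">' + msg.fullName +
    '</span><span class="body">' + msg.body + "</span></div>";
}

// Hardened pattern: every remote field is encoded before it reaches the template.
function renderMessageSafe(msg) {
  return '<div class="msg"><span class="name">' + escapeHtml(msg.fullName) +
    '</span><span class="body">' + escapeHtml(msg.body) + "</span></div>";
}

// Regression check: after removing the tags the template itself emits,
// no tag opener may remain in the rendered output.
function containsUnexpectedTag(html) {
  const templateTags = /<\/?(div|span)(\s+class="[a-z]+")?>/g;
  return /<[a-zA-Z\/!]/.test(html.replace(templateTags, ""));
}

// Constructed sample: a display name carrying markup, with an inert comment as the script body.
const sample = { fullName: "Eve <script>/* constructed marker */</script>", body: "hi & bye" };

function demo() {
  return {
    unsafe: containsUnexpectedTag(renderMessageUnsafe(sample)), // true
    safe: containsUnexpectedTag(renderMessageSafe(sample)),     // false
  };
}
```

The same check can run in a test suite against every field that originates from a remote user, not only the display name.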

The researcher informed Skype of the issue on 24 August, and was told that an update to fix it would be released early in September.

Watch a video demonstration of the XSS bug in action.
