XSS bug in Skype for iPhone, iPad allows address book theft

Posted in iPhone News by admin. Published September 22nd, 2011

XSS bug in Skype for iPhone, iPad allows address book theft

A security researcher have created a proof of concept code that shows that a users AddressBook can be stolen from an iPhone or iPad.

The XSS bug is affecting the latest version of Skype for iOS, and works like that:

A Cross-Site Scripting vulnerability exists in the “Chat Message” window in Skype 3.0.1 and earlier versions for iPhone and iPod Touch devices.Skype uses a locally stored HTML file to display chat messages from other Skype users, but it fails to properly encode the incoming users “Full Name”, allowing an attacker to craft malicious JavaScript code that runs when the victim views the message.

The researcher informed Skype of the issue on 24 August, and was told that an update to fix it would be released early in September.

[Thanks: http://www.zdnet.com]



Related Posts;

Buy iPhone from Amazon

Share this :
[ del.icio.us | Google | Linkagogo | Netscape | reddit | Squidoo | StumbleUpon | Yahoo MyWeb ]

Comments are closed.


Search

Follow me on Twitter

Enter your email address:

Delivered by FeedBurner

Pages

Recent post

Tag cloud

Categories

Gadget Blogs - BlogCatalog Blog Directory
Powered by MyPagerank.Net
surfgopher.com

website monitoring service

site statistics
eXTReMe Tracker


iPhoneFan
Wordpress Theme

Designed by Bacteriano based on iPhone PSD file designed by Manicho.