Skype is working to fix a serious security flaw in its application for the iPhone and iPod touch that could allow an attacker to steal the victim’s address book data. The vulnerability, found in the chat window, can be exploited with JavaScript code, and was discovered by AppSec security expert Phil Purviance.

“Skype uses a locally stored HTML file to display chat messages from other Skype users, but fails to properly encode the user input ‘Name,’ allowing an attack by a malicious JavaScript that is executed when the victim displays the message,” Purviance said on his blog.

The heart of the problem, according to Purviance, is an error in the Skype application that allows access to a user’s local file system. The iOS sandbox neutralizes much of this flaw, but the address book remains vulnerable.
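
The encoding failure described above, shown as an added example (not Skype's code and not taken from Purviance's write-up): a chat renderer that inserts the sender's name raw, next to a version that HTML-encodes it, plus a regression check. The message shape, the markup and all function names are assumptions.

```javascript
// Added example. Message shape, markup and function names are assumptions.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode a value for use in HTML text or a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// 'Before': the sender-controlled display name reaches the markup unencoded.
function renderMessageUnsafe(msg) {
  return `<div class="msg"><span class="name">${msg.name}</span>: ${escapeHtml(msg.text)}</div>`;
}

// 'After': every sender-controlled field is encoded before it is placed in the page.
function renderMessageSafe(msg) {
  return `<div class="msg"><span class="name">${escapeHtml(msg.name)}</span>: ${escapeHtml(msg.text)}</div>`;
}

// Regression check: the template itself contributes exactly four tags, so any
// extra '<' or '>' in the output means a field was written without encoding.
function hasOnlyTemplateMarkup(html) {
  const count = (ch) => html.split(ch).length - 1;
  return count('<') === 4 && count('>') === 4;
}

// Constructed sample input: a display name carrying markup.
const sample = { name: 'Mallory<script>void 0</script>', text: 'hi & bye' };

console.log(hasOnlyTemplateMarkup(renderMessageUnsafe(sample)));
console.log(hasOnlyTemplateMarkup(renderMessageSafe(sample)));
console.log(renderMessageSafe(sample));
```

With the encoded version the name is displayed as literal text, so the chat view never parses it as a tag.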

Skype does not seem to be in any hurry to resolve the problem. In a tweet, Purviance has made it known that he had informed Skype of the problem on August 24 and was told that an update would be released in early September to close the loophole.

You can watch a demonstration of exactly how the exploit works in this video created by Purviance:
