The Latest in IT Security

Cross-Scripting Vulnerability in Skype iOS App Exposes Contact Information

20
Sep
2011

A cross-scripting vulnerability affecting Skype’s iOS app has been discovered and a video has been provided, whereby sending a specific a specific text message sent to a user can copy their Address Book. This attack uses Javascript, and, “Executing arbitrary Javascript code is one thing, but I found that Skype also improperly defines the URI scheme used by the built-in webkit browser for Skype.” The attack leads to the Address Book data to being sent to a remote server.

Contact information is not confidential in the way that, say, passwords are, but it does contain names, addresses, phone numbers and other data which hackers may use for identity theft, or e-mail addresses to use for sending spam.

Skype will have to update their app to fix this vulnerability. In the meantime, if you receive text messages from people you don’t know, you should stop using the Skype app immediately.

Leave a reply


Categories

THURSDAY, MARCH 28, 2024
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments