Skype On iOS Has Vulnerability That Lets Others Steal Address Book [News]

For avid Skype users on Apple devices, you need to be careful. There is a vulnerability in the current iOS version of Skype that allows users to get access to your address book. Obviously, this is not the most earth shattering hack, since there isn’t too much a hacker can do with just an address book. Still, I don’t think you or your contacts would want that information in the hands of hackers.

Skype is aware of the exploit, but they don’t seem too concerned about getting it fixed right away. They said it will be addressed in the next scheduled update, so they don’t seem to consider this an emergency.

Basically this a JavaScript exploit and according to security expert Phil Purviance:

Skype uses a locally stored HTML file to display chat messages from other Skype users, but it fails to properly encode the incoming user’s ‘Full Name,’ allowing an attacker to craft malicious JavaScript code that runs when the victim views the message.

So basically, if you open a chat with a malicious person, they can get access to your friends list and do whatever they like with the information, and as I said before, this will not make your friends too happy. Until the update comes out just be careful about what chats you receive and read on your iPhone.

Source: MacWorld via Superevr

Leave a Reply

Your email address will not be published. Required fields are marked *