Skype knows of XSS vulnerability in iOS appsSkype is well aware of the XSS vulnerability that is apparent in iOS apps, and the VoIP company (which has been bought up by Microsoft by the way) is working hard on the situation in order to make sure it gets fixed as soon as possible. Those who use Skype for iOS on the iPhone or iPod touch will need to be wary, as a cross-site scripting vulnerability hangs around the “Chat Message” window in version 3.0.1 and earlier versions.

This hole will open up the door for attackers to execute malicious JavaScript code which will run whenever you view a chat message, allowing your chat to be “eavesdropped” digitally, including theft of other information such as your address book.

This is what Skype had to say about the situation, “We are working hard to fix this reported issue in our next planned release which we hope to roll out imminently. In the meantime we always recommend people exercise caution in only accepting friend requests from people they know and practice common sense internet security as always.”

This article was filed in Homepage > Cellphones and was tagged with iOS, security flaw and Skype.
Like us, and get the best stories

User Comments