jump to navigation

Security: Vulnerabilities in Skype app for iOS 22 September 2011

Posted by computeraholic in Uncategorized.
trackback

SuperEVR has discovered a serious security bug in the Skype app for iOS. Skype for iOS contains an XSS vulnerability that allows attackers steal information.
As the reports in its blog, XSS, remote access to the contacts of a Skype user is short about a so-called cross-site scripting vulnerability, possible, if the app uses for calls and Messaging. Attackers can currently unchallenged access to the contact database in the iPhone.

Attack on a chat message
After the attacker has changed its name to a Skype-specific XSS code, he writes to the user in the chat. Since the Skype app to decrypt the XSS code, a JavaScript error. Now the path into the address book is free. The contents of the message to the user is completely irrelevant, because at the time of reception, access to the address of the recipient already provides, and the entire contact list is on the way to the attacker’s server, without realizing that the victim gets wind of it.

A second vulnerability exists in WebKit

[Source: PCSMAX]

Comments»

No comments yet — be the first.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: