
If you are using Skype for iPhone or iPod Touch, your Address Book can be compromised and stolen using a simple chat message. The attack leverages a Cross-Site Scripting vulnerability within the "Chat Message" window in Skype 3.0.1 and earlier versions for iPhone and iPod Touch devices.
How does it work? Skype does not properly encode the incoming user's "Full Name", allowing an attacker to embed malicious JavaScript code in that field that runs automatically when the victim views the chat message, thereby giving the attacker access to the user's file system. Apple iOS does offer some protection via a sandbox to prevent access to the core operating system's critical files. However, access to the Address Book is available to all applications.
Here's a video of it in action:
Via SUPEREVR (discovered hack) & Apple Headlines
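To make the missing encoding of the "Full Name" field concrete, here is an added example (not Skype's code and not from the original post) that puts an unencoded chat renderer beside an encoded one. The HTML template, function names and sample names are assumptions, and the sample names carry only inert marker text.

```javascript
// Added illustration: template and function names are assumptions, not Skype's code.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode every character that can switch the HTML parser into a new context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the sender-controlled name is concatenated into markup as-is,
// in both an attribute context (title) and an element context (span body).
function renderMessageUnsafe(fullName, body) {
  return `<div class="msg"><span class="sender" title="${fullName}">${fullName}</span>: ${escapeHtml(body)}</div>`;
}

// Hardened pattern: the name is encoded before it reaches either context.
function renderMessageSafe(fullName, body) {
  const name = escapeHtml(fullName);
  return `<div class="msg"><span class="sender" title="${name}">${name}</span>: ${escapeHtml(body)}</div>`;
}

// Regression check: whatever the name is, the output must equal the fixed
// template with the *encoded* name dropped in. Any other result means the
// name altered the markup (a new tag or a new attribute).
const NAME_TOKEN = "@@NAME@@"; // contains no characters that escapeHtml changes
function isNameInert(render, fullName) {
  const expected = render(NAME_TOKEN, "").split(NAME_TOKEN).join(escapeHtml(fullName));
  return render(fullName, "") === expected;
}

// Constructed sample names (inert markers only).
const SAMPLE_NAMES = [
  "Alice Example",
  "Alice <script>/* constructed marker */</script>",
  'Bob" onmouseover="/* constructed marker */',
];

for (const name of SAMPLE_NAMES) {
  console.log(JSON.stringify(name),
    "unsafe inert:", isNameInert(renderMessageUnsafe, name),
    "| safe inert:", isNameInert(renderMessageSafe, name));
}
```

The second sample name breaks out of the element context and the third out of the attribute context, which is why the encoder has to cover quotes as well as angle brackets.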






