XSS Exploit in Skype Lets Hackers Steal iPhone Address Book

Tom Keating : VoIP & Gadgets Blog

If you are using Skype for iPhone or iPod Touch, your Address Book can be compromised and stolen using a simple chat message. The attack leverages a Cross-Site Scripting (XSS) vulnerability within the "Chat Message" window in Skype 3.0.1 and earlier versions for iPhone and iPod Touch devices.

How does it work? Skype does not properly encode the incoming user's "Full Name", allowing an attacker to embed malicious JavaScript code in it that runs automatically when the victim views the chat message, thereby giving the attacker access to the user's file system. Apple iOS does offer some protection via a sandbox that prevents access to the core operating system's critical files. However, access to the Address Book is available to all applications.
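The missing output encoding described above, shown beside its fix. This is an added example, not Skype's code: it assumes a chat view that builds HTML from message fields, and the function names, markup template and sample message are hypothetical.

```javascript
// Added example: a hypothetical chat renderer, not Skype's implementation.

// Characters that can change the HTML parsing context in element
// content or quoted attribute values, with their entity encodings.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;'
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: sender-controlled fields are concatenated into
// markup, so a display name containing tags becomes live markup.
function renderMessageUnsafe(msg) {
  return '<div class="msg"><span class="from">' + msg.fullName +
         '</span>: ' + msg.body + '</div>';
}

// Hardened form: every sender-controlled field is encoded at output time,
// so the display name is shown as text and never parsed as markup.
function renderMessageSafe(msg) {
  return '<div class="msg"><span class="from">' + escapeHtml(msg.fullName) +
         '</span>: ' + escapeHtml(msg.body) + '</div>';
}

// Regression check: true if the rendered markup contains any element
// other than the two the template itself emits (div, span).
function containsInjectedTag(html) {
  const tags = html.match(/<\/?([a-zA-Z][a-zA-Z0-9]*)/g) || [];
  return tags.some((t) => !/^<\/?(div|span)$/i.test(t));
}

// Constructed sample message; the "Full Name" carries a placeholder tag.
const sample = {
  fullName: 'Alice<script>/* attacker-supplied code */</script>',
  body: 'hi & bye'
};

console.log('unsafe render injects a tag:', containsInjectedTag(renderMessageUnsafe(sample)));
console.log('safe render injects a tag:  ', containsInjectedTag(renderMessageSafe(sample)));
console.log(renderMessageSafe(sample));
```

The same check works as a unit test in any client that renders remote profile fields: feed it a name containing markup and assert that no element outside the template appears.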

Here's a video of it in action:


Via SUPEREVR (discovered hack) & Apple Headlines

