A Cross-Site Scripting vulnerability exists in the “Chat Message” window in Skype 3.0.1 and earlier versions for iPhone and iPod Touch devices.
(Above: Run away if you see a chat like this)
(Above: XSS exploit running)
The test was done on an iPhone 4 running iOS 4.3.5. Security researcher Phil mentions that he had pointed out this exploit earlier, in late August, and was told an ‘update was coming’. Skype has now responded to the documented exploit via TechCrunch and reports that a fix is coming:
“We are working hard to fix this reported issue in our next planned release which we hope to roll out imminently. In the meantime we always recommend people exercise caution in only accepting friend requests from people they know and practice common sense internet security as always.”
So how to protect yourself and your contact list? Wait for it…only accept friend requests from people you know!
Check out the video of the entire exploit in action below:
Great find by Phil. I use Skype all the time and the number of ‘spam’ contact requests is definitely overwhelming. Using due diligence is one way to protect yourself.
[via Apple Headlines]