Security vulnerability found on iOS version of Skype

If you thought that having Skype on your iPhone/iPad was a good idea, perhaps you may want to consider removing the app for now until Skype gets this latest vulnerability sorted out. According to AppSec Consulting security researcher, Phil Purviance, there’s a cross-site scripting vulnerability in the Chat message window that supposedly allows an attacker to run malicious javascript code.

The javascript has been said to be able to grant access to the victim’s phone, allowing them access to information and even the user’s address book. However thanks to Apple’s sandboxing system, the attacker will not be able to gain access to more sensitive documents, with the exception of the address book. It seems that this flaw was reported to Skype a month ago and Skype has acknowledge the problem and are working to get it fixed.