A cross-site scripting vulnerability has been reported in the Skype application for iOS devices such as the iPod Touch and iPhone. According to security researcher Phil Purviance of AppSec, the vulnerability exists in the Chat message window of the Skype app. It may give an attacker access to the user’s address book and other sensitive data.
While the file-system threat is partially mitigated by iOS’ application sandboxing, sensitive data such as the AddressBook, which every iOS application has access to, can be accessed by exploiting this flaw. The flaw affects Skype app versions 3.0.1 and earlier for iOS.
Purviance writes that he informed Skype about this vulnerability last month and expects that Skype will release a patch as part of its next planned update. The researcher has also posted a proof-of-concept video demonstrating the exploit.