Skype admits to iPhone app security problem, releasing a fix "soon"

Skype for iPhone hits 3.0, adds video calling

Skype has stated they are aware of a serious cross-site scripting vulnerability within the chat feature for Skype on the iPhone. The security hole could allow for malicious JavaScript code to access to your address book and is known to affect versions 3.0.1 and below.

Skype reached out to TechCrunch to say they're hard at work on getting an update pushed to the App Store.

We are working hard to fix this reported issue in our next planned release which we hope to roll out imminently. In the meantime we always recommend people exercise caution in only accepting friend requests from people they know and practice common sense internet security as always.

The funny thing is, Skype has known about the issue for a while now. AppSec Consulting security researcher Phil Purviance helped discover the problem and let Skype know about it almost a month ago. Skype responded saying they would release an update earlier this month, but we're nearing the end of September and there's no update to be found.

Here's hoping Skype gets on this quick and pushes out an update soon, but in the meantime check out the video below detailing how the vulnerability works.

[superevr, TechCrunch]

Andrew Wray

Andrew Wray is a Salt Lake City, Utah based writer who focuses on news, how-tos, and jailbreak. Andrew also enjoys running, spending time with his daughter, and jamming out on his guitar. He works in a management position for Unisys Technical Services, a subsidiary of Unisys Corporation.

More Posts

 

2
loading...
0
loading...
0
loading...
0
loading...

← Previously

Add more browsing functionality with BackForwardList for Safari [jailbreak]

Next up →

iPhone Live podcast tonight at 9pm EDT, come chat!

Reader comments

Skype admits to iPhone app security problem, releasing a fix "soon"

2 Comments
Sort by Rating