A nasty security bug in Skype's iOS app can lead to users' personal information being stolen.

The cross-site scripting (XSS) vulnerability, demonstrated in the video below, is present in Skype 3.0.1 and earlier versions of Skype's iOS app.

It lets an attacker create malicious JavaScript code that runs when the user views a text message in Skype's chat window. The code can be used to access any file that the Skype app itself has access to, including the address book on your iPhone.

The technical explanation of the bug can be found here.

Skype is aware of the issue and is working on a fix. “We are working hard to fix this reported issue in our next planned release, which we hope to roll out imminently," Skype said in a statement.







[via Superevr]