![Skype iOS App is Vulnerable to Attack That Can Steal Your Address Book [Video]](/images/news/17003/58892/58892-64.png "Skype iOS App is Vulnerable to Attack That Can Steal Your Address Book [Video]")
Skype iOS App is Vulnerable to Attack That Can Steal Your Address Book [Video]
Posted September 20, 2011 at 5:21pm by
Shalom Levytam
Skype's iOS app is vulnerable to an attack that can compromise your entire address book without you noticing, reports TechCrunch.
AppSec Consulting security researcher Phil Purviance discovered the exploit:
I found that Skype also improperly defines the URI scheme used by the built-in webkit browser for Skype. Usually you will see the scheme set to something like, "about:blank" or "skype-randomtoken", but in this case it is actually set to "file://". This gives an attacker access to the users file system, and an attacker can access any file that the application itself would be able to access.
File system access is partially mitigated by the iOS Application sandbox that Apple has implemented, preventing an attacker from accessing certain sensitive files. However, every iOS application has access to the users AddressBook, and Skype is no exception.
Skype says "We are working hard to fix this reported issue in our next planned release which we hope to roll out imminently. In the meantime we always recommend people exercise caution in only accepting friend requests from people they know and practice common sense internet security as always."
Take a look at the attack being performed in the video below...
Read More [via TechCrunch]
AppSec Consulting security researcher Phil Purviance discovered the exploit:
I found that Skype also improperly defines the URI scheme used by the built-in webkit browser for Skype. Usually you will see the scheme set to something like, "about:blank" or "skype-randomtoken", but in this case it is actually set to "file://". This gives an attacker access to the users file system, and an attacker can access any file that the application itself would be able to access.
File system access is partially mitigated by the iOS Application sandbox that Apple has implemented, preventing an attacker from accessing certain sensitive files. However, every iOS application has access to the users AddressBook, and Skype is no exception.
Skype says "We are working hard to fix this reported issue in our next planned release which we hope to roll out imminently. In the meantime we always recommend people exercise caution in only accepting friend requests from people they know and practice common sense internet security as always."
Take a look at the attack being performed in the video below...
Read More [via TechCrunch]
![Apple Loses Top Siri Executive and More AI Researchers to Google and Meta [Report]](/images/news/99797/99797/99797-160.jpg "Apple Loses Top Siri Executive and More AI Researchers to Google and Meta [Report]")
![Apple 'Completely Screwed Up' AI, Giannandrea Hire Called Tim Cook's Biggest Mistake [Gurman]](/images/news/99786/99786/99786-160.jpg "Apple 'Completely Screwed Up' AI, Giannandrea Hire Called Tim Cook's Biggest Mistake [Gurman]")
![Apple Releases 'Glad I Met You' Chinese New Year Film Shot on iPhone 17 Pro [Video]](/images/news/99788/99788/99788-160.jpg "Apple Releases 'Glad I Met You' Chinese New Year Film Shot on iPhone 17 Pro [Video]")
![Apple to Delay Standard iPhone 18 to 2027, Prioritizing Foldable and Pro Models [Report]](/images/news/99783/99783/99783-160.jpg "Apple to Delay Standard iPhone 18 to 2027, Prioritizing Foldable and Pro Models [Report]")
![Apple AirPods 4 With Active Noise Cancellation Drop to $119 [Deal]](/images/news/99794/99794/99794-160.jpg "Apple AirPods 4 With Active Noise Cancellation Drop to $119 [Deal]")
![AirPods Pro 3 Return to All-Time Low Price of $199 [Deal]](/images/news/99752/99752/99752-160.jpg "AirPods Pro 3 Return to All-Time Low Price of $199 [Deal]")
![Apple's 13-Inch M5 iPad Pro (Silver) Hits New All-Time Low at $1,149.99 [Deal]](/images/news/99729/99729/99729-160.jpg "Apple's 13-Inch M5 iPad Pro (Silver) Hits New All-Time Low at $1,149.99 [Deal]")
![Apple's 13-Inch M5 iPad Pro (1TB) Hits New All-Time Low at $1,706 [Deal]](/images/news/99716/99716/99716-160.jpg "Apple's 13-Inch M5 iPad Pro (1TB) Hits New All-Time Low at $1,706 [Deal]")
