If you use Skype’s app on your iOS devices then continue to read this article.
AppSec Consulting security researcher Phil Purviance who discovered the vulnerability explains:
File system access is partially mitigated by the iOS Application sandbox that Apple has implemented, preventing an attacker from accessing certain sensitive files. However, every iOS application has access to the users AddressBook, and Skype is no exception.
Phil has also created a video to show how the vulnerability can be exploited:
He apparently reported the security issue to Skype nearly a month ago. Skype has acknowledged the issue and has issued the following statement:
“We are working hard to fix this reported issue in our next planned release which we hope to roll out imminently. In the meantime we always recommend people exercise caution in only accepting friend requests from people they know and practice common sense internet security as always.”
Let’s hope that the fix is released soon, until then please be extra cautious while accepting friend requests.
Categories: iOS 4.2.9, iOS 4.2.8, iOS 4.2.7, iOS 4.2