Skype for iPhone and iPod vulnerable to XSS ~Attacker able to steal data




A security researcher, Phil, discovered an XSS (cross-site scripting) vulnerability in Skype v3.0.1 and earlier versions for iPhone and iPod touch devices.

Skype uses a locally stored HTML file to display chat messages from other Skype users, but it fails to properly encode the incoming user's "Full Name", allowing an attacker to craft malicious JavaScript code that runs when the victim views the message.


Executing arbitrary JavaScript code is one thing, but he found that Skype also improperly defines the URI scheme used by its built-in WebKit browser. Usually you will see the scheme set to something like "about:blank" or "skype-randomtoken", but in this case it is actually set to "file://". This gives an attacker access to the user's file system: any file that the application itself can access, the attacker can access too.

File system access is partially mitigated by the iOS application sandbox that Apple has implemented, which prevents an attacker from accessing certain sensitive files. However, every iOS application has access to the user's AddressBook, and Skype is no exception. He created a proof-of-concept injection and attack that shows that a user's AddressBook can indeed be stolen from an iPhone or iPod touch with this vulnerability.
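The two flaws described above, shown from the defender's side as an added example (not Skype's code and not the researcher's proof of concept): a chat template that inserts the sender's "Full Name" unencoded next to the encoded form, plus a check that flags a `file:` base URL for the message view. The function names, message shape and sample contact are constructed for illustration.

```javascript
// Encode the five characters that can change the HTML parsing context.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// "Before": the sender-controlled name is concatenated into the markup as-is.
function renderMessageUnsafe(msg) {
  return `<div class="msg"><b>${msg.fullName}</b>: ${escapeHtml(msg.body)}</div>`;
}

// "After": every remote field is encoded before it reaches the template.
function renderMessageSafe(msg) {
  return `<div class="msg"><b>${escapeHtml(msg.fullName)}</b>: ${escapeHtml(msg.body)}</div>`;
}

// Defence in depth: the base URL of the view decides what a script could reach
// if encoding is ever missed. A file: base places the page in the local-file origin.
function baseUrlGrantsFileAccess(baseUrl) {
  return new URL(baseUrl).protocol === "file:";
}

// Review helper: does the rendered fragment contain any tag other than the
// template's own <div> and <b>?
function containsUnexpectedTag(html) {
  const tags = html.match(/<\/?([a-zA-Z][a-zA-Z0-9]*)/g) || [];
  const allowed = new Set(["<div", "</div", "<b", "</b"]);
  return tags.some((t) => !allowed.has(t.toLowerCase()));
}

// Constructed sample: a contact whose display name carries markup.
const sample = { fullName: 'Eve <img src=x onerror="alert(1)">', body: "hi" };

console.log(renderMessageUnsafe(sample)); // name is parsed as an element
console.log(renderMessageSafe(sample));   // name is shown as literal text
console.log(baseUrlGrantsFileAccess("file:///chat/template.html"));
console.log(baseUrlGrantsFileAccess("about:blank"));
```

Encoding closes the injection point; moving the view off a `file:` base limits what any script that still gets through can read.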
