If you’re using Skype for iOS on your iPhone or iPod touch, consider yourself warned: a cross-site scripting vulnerability looms in the “Chat Message” window in version 3.0.1 and earlier versions.
The hole allows attackers to execute malicious JavaScript code that runs when a victim views a chat message, enabling theft of information, including a user’s address book (see video below).
Skype says it is aware of the security issue, and had issued the following statement:
“We are working hard to fix this reported issue in our next planned release which we hope to roll out imminently. In the meantime we always recommend people exercise caution in only accepting friend requests from people they know and practice common sense internet security as always.”
[via]