Sunday, September 25, 2011

Skype for iOS contains an XSS vulnerability that allows attackers to steal information

The Rumor Mill News Reading Room

Posted By: Steve
Date: Sunday, 25-Sep-2011 03:28:40
by Phil
Skype for iOS contains an XSS vulnerability that allows attackers to steal information.
A Cross-Site Scripting vulnerability exists in the “Chat Message” window in Skype 3.0.1 and earlier versions for iPhone and iPod Touch devices.
Skype uses a locally stored HTML file to display chat messages from other Skype users, but it fails to properly encode the incoming user's “Full Name”, allowing an attacker to craft malicious JavaScript code that runs when the victim views the message.
To demonstrate the vulnerability, I captured a photo of a simple JavaScript alert() running within Skype.
Executing arbitrary JavaScript code is one thing, but I found that Skype also improperly defines the URI scheme used by the built-in WebKit browser for Skype. Usually you will see the scheme set to something like “about:blank” or “skype-randomtoken”, but in this case it is actually set to “file://”. This gives an attacker access to the user's file system, and an attacker can access any file that the application itself would be able to access.
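
The two flaws described above (an unencoded “Full Name” in the chat HTML and a file:// base URL), illustrated from the fixing side as an added example; this is not code from the original post or from Skype. The template, function names, sample name and the default scheme allowlist are assumptions made for illustration.

```javascript
// Added example: constructed template and values, not Skype's actual code.
const TEMPLATE =
  '<div class="msg"><span class="name">{{name}}</span>: ' +
  '<span class="body">{{body}}</span></div>';

// Constructed sample of a remote-controlled "Full Name" carrying markup.
const SAMPLE_NAME = 'Alice <script>alert(1)</script>';

// Encode the characters that can change HTML parsing context in element
// content and quoted attribute values.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Substitute {{field}} placeholders; unknown fields become empty strings.
function fill(template, fields) {
  return template.replace(/\{\{(\w+)\}\}/g, (_, key) =>
    Object.prototype.hasOwnProperty.call(fields, key) ? fields[key] : '');
}

// Flawed pattern from the post: the name reaches the HTML unencoded.
function renderUnsafe(fullName, body) {
  return fill(TEMPLATE, { name: fullName, body: escapeHtml(body) });
}

// Hardened: every remote-controlled field is encoded at the point of output.
function renderSafe(fullName, body) {
  return fill(TEMPLATE, { name: escapeHtml(fullName), body: escapeHtml(body) });
}

// Regression check: rendered output must not contain more tags than the
// empty template does.
function introducesMarkup(rendered) {
  const count = (s) => (s.match(/</g) || []).length;
  return count(rendered) > count(fill(TEMPLATE, { name: '', body: '' }));
}

// Second layer for the file:// issue: only load chat HTML under an
// allowlisted base-URL scheme (the default list is an assumption).
function isAcceptableBaseUrl(baseUrl, allowedSchemes = ['about']) {
  const scheme = String(baseUrl).split(':', 1)[0].toLowerCase();
  return allowedSchemes.includes(scheme);
}
```

Output encoding removes the script execution; the base-URL check limits what any script that still runs in the view can read.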
