Release date:
Updated on:
Affected Systems:
Skype (iOS) 3.0.1
Description:
--------------------------------------------------------------------------------
Bugtraq id: 49697
Skype is free global voice communication software.
The "Chat Message" window of Skype for iOS contains a cross-site scripting vulnerability caused by insufficient filtering of user input. Remote attackers can exploit this vulnerability to execute arbitrary code and steal cookie credentials.
Skype uses locally stored HTML files to display chat messages, but the code mishandles the sender's "Full name" field, so specially crafted JavaScript code runs when the victim views the message.
<* Source: superevr
Link: https://superevr.com/blog/2011/xss-in-skype-for-ios/
*>
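The flaw class described above, as an added example that is not Skype's code and not part of the original advisory: a chat row built from a hypothetical HTML template, first with the sender's full name inserted raw, then HTML-encoded, plus a tag-count check usable as a regression test. The template, function names and sample name are constructed for illustration.

```javascript
// Hypothetical chat-row template standing in for a locally stored HTML file.
const CHAT_ROW =
  '<div class="msg"><span class="name">{{name}}</span>' +
  '<span class="body">{{body}}</span></div>';

// Encode the five characters that can change HTML context.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Single-pass fill, so a field value can never be re-read as a placeholder
// and "$" sequences in values are not interpreted by String.replace.
function fill(template, fields) {
  return template.replace(/\{\{(\w+)\}\}/g, (_, key) => fields[key]);
}

// Vulnerable pattern: the message body is encoded, the sender-controlled
// full name is not.
function renderRowUnsafe(fullName, body) {
  return fill(CHAT_ROW, { name: fullName, body: escapeHtml(body) });
}

// Hardened pattern: every remote-controlled field is encoded before it
// reaches the markup.
function renderRowSafe(fullName, body) {
  return fill(CHAT_ROW, { name: escapeHtml(fullName), body: escapeHtml(body) });
}

// Regression check: a rendered row must contain exactly the tags the
// template itself defines, whatever the field values are.
function tagCount(html) {
  return (html.match(/<\/?[a-z]/gi) || []).length;
}
const EXPECTED_TAGS = tagCount(fill(CHAT_ROW, { name: '', body: '' }));

// Constructed sample: a profile name carrying markup.
const sampleName = 'Eve <script>alert(1)</script>';
console.log(tagCount(renderRowUnsafe(sampleName, 'hi')) === EXPECTED_TAGS);
console.log(tagCount(renderRowSafe(sampleName, 'hi')) === EXPECTED_TAGS);
```

The tag-count comparison fails for the unsafe renderer and passes for the safe one, which makes it a cheap test to run over every profile field that ends up in a rendered view.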
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Skype
-----
The vendor has not yet provided a patch or upgrade. Users of the software should check the vendor's homepage for the latest version:
http://www.skype.com/