{"id":3305,"date":"2011-09-20T13:39:43","date_gmt":"2011-09-20T12:39:43","guid":{"rendered":"http:\/\/blog.intego.com\/?p=3305"},"modified":"2011-09-20T13:39:43","modified_gmt":"2011-09-20T12:39:43","slug":"cross-scripting-vulnerability-in-skype-ios-app-exposes-contact-information","status":"publish","type":"post","link":"https:\/\/www.intego.com\/mac-security-blog\/cross-scripting-vulnerability-in-skype-ios-app-exposes-contact-information\/","title":{"rendered":"Cross-Scripting Vulnerability in Skype iOS App Exposes Contact Information"},"content":{"rendered":"<p>A cross-scripting vulnerability affecting Skype&#8217;s iOS app <a href=\"https:\/\/superevr.com\/blog\/2011\/xss-in-skype-for-ios\/\">has been discovered and a video has been provided<\/a>, whereby sending a specific text message sent to a user can copy their Address Book. This attack uses Javascript, and, &#8220;Executing arbitrary Javascript code is one thing, but I found that Skype also improperly defines the URI scheme used by the built-in webkit browser for Skype.&#8221; The attack leads to the Address Book data to being sent to a remote server. <\/p>\n<p>Contact information is not confidential in the way that, say, passwords are, but it does contain names, addresses, phone numbers and other data which hackers may use for identity theft, or e-mail addresses to use for sending spam. <\/p>\n<p>Skype will have to update their app to fix this vulnerability. In the meantime, if you receive text messages from people you don&#8217;t know, you should stop using the Skype app immediately. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>A vulnerability in Skype&#8217;s iOS app can allow malicious users to copy contact data from people using the app. <\/p>\n","protected":false},"author":3,"featured_media":2496,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false},"categories":[13,11],"tags":[69,8,9,122],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v17.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<meta name=\"description\" content=\"A vulnerability in Skype&#039;s iOS app can allow malicious users to copy contact data from people using the app.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.intego.com\/mac-security-blog\/cross-scripting-vulnerability-in-skype-ios-app-exposes-contact-information\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cross-Scripting Vulnerability in Skype iOS App Exposes Contact Information  - The Mac Security Blog\" \/>\n<meta property=\"og:description\" content=\"A vulnerability in Skype&#039;s iOS app can allow malicious users to copy contact data from people using the app.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.intego.com\/mac-security-blog\/cross-scripting-vulnerability-in-skype-ios-app-exposes-contact-information\/\" \/>\n<meta property=\"og:site_name\" content=\"The Mac Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2011-09-20T12:39:43+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2011\/04\/skype.png\" \/>\n\t<meta property=\"og:image:width\" content=\"128\" \/>\n\t<meta property=\"og:image:height\" content=\"128\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Peter James\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\",\"name\":\"Intego\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"sameAs\":[],\"logo\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"width\":875,\"height\":875,\"caption\":\"Intego\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\"}},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"name\":\"The Mac Security Blog\",\"description\":\"Keep Macs safe from the dangers of the Internet\",\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/cross-scripting-vulnerability-in-skype-ios-app-exposes-contact-information\/#primaryimage\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2011\/04\/skype.png\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2011\/04\/skype.png\",\"width\":\"128\",\"height\":\"128\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/cross-scripting-vulnerability-in-skype-ios-app-exposes-contact-information\/#webpage\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/cross-scripting-vulnerability-in-skype-ios-app-exposes-contact-information\/\",\"name\":\"Cross-Scripting Vulnerability in Skype iOS App Exposes Contact Information - The Mac Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/cross-scripting-vulnerability-in-skype-ios-app-exposes-contact-information\/#primaryimage\"},\"datePublished\":\"2011-09-20T12:39:43+00:00\",\"dateModified\":\"2011-09-20T12:39:43+00:00\",\"description\":\"A vulnerability in Skype's iOS app can allow malicious users to copy contact data from people using the app.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/cross-scripting-vulnerability-in-skype-ios-app-exposes-contact-information\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.intego.com\/mac-security-blog\/cross-scripting-vulnerability-in-skype-ios-app-exposes-contact-information\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/cross-scripting-vulnerability-in-skype-ios-app-exposes-contact-information\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.intego.com\/mac-security-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cross-Scripting Vulnerability in Skype iOS App Exposes Contact Information\"}]},{\"@type\":\"Article\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/cross-scripting-vulnerability-in-skype-ios-app-exposes-contact-information\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/cross-scripting-vulnerability-in-skype-ios-app-exposes-contact-information\/#webpage\"},\"author\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/d0c16bd0a4dd8f82d91204f400c8d116\"},\"headline\":\"Cross-Scripting Vulnerability in Skype iOS App Exposes Contact Information\",\"datePublished\":\"2011-09-20T12:39:43+00:00\",\"dateModified\":\"2011-09-20T12:39:43+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/cross-scripting-vulnerability-in-skype-ios-app-exposes-contact-information\/#webpage\"},\"wordCount\":156,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/cross-scripting-vulnerability-in-skype-ios-app-exposes-contact-information\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2011\/04\/skype.png\",\"keywords\":[\"iOS\",\"iPad\",\"iPhone\",\"Skype\"],\"articleSection\":[\"Security &amp; Privacy\",\"Software &amp; Apps\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.intego.com\/mac-security-blog\/cross-scripting-vulnerability-in-skype-ios-app-exposes-contact-information\/#respond\"]}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/d0c16bd0a4dd8f82d91204f400c8d116\",\"name\":\"Peter James\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/0626bfb4ada576ba5aa775322329ad47?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/0626bfb4ada576ba5aa775322329ad47?s=96&d=mm&r=g\",\"caption\":\"Peter James\"},\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/author\/peter\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"description":"A vulnerability in Skype's iOS app can allow malicious users to copy contact data from people using the app.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.intego.com\/mac-security-blog\/cross-scripting-vulnerability-in-skype-ios-app-exposes-contact-information\/","og_locale":"en_US","og_type":"article","og_title":"Cross-Scripting Vulnerability in Skype iOS App Exposes Contact Information  - The Mac Security Blog","og_description":"A vulnerability in Skype's iOS app can allow malicious users to copy contact data from people using the app.","og_url":"https:\/\/www.intego.com\/mac-security-blog\/cross-scripting-vulnerability-in-skype-ios-app-exposes-contact-information\/","og_site_name":"The Mac Security Blog","article_published_time":"2011-09-20T12:39:43+00:00","og_image":[{"width":"128","height":"128","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2011\/04\/skype.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_misc":{"Written by":"Peter James","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Organization","@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization","name":"Intego","url":"https:\/\/www.intego.com\/mac-security-blog\/","sameAs":[],"logo":{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/#logo","inLanguage":"en-US","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","width":875,"height":875,"caption":"Intego"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#logo"}},{"@type":"WebSite","@id":"https:\/\/www.intego.com\/mac-security-blog\/#website","url":"https:\/\/www.intego.com\/mac-security-blog\/","name":"The Mac Security Blog","description":"Keep Macs safe from the dangers of the Internet","publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/cross-scripting-vulnerability-in-skype-ios-app-exposes-contact-information\/#primaryimage","inLanguage":"en-US","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2011\/04\/skype.png","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2011\/04\/skype.png","width":"128","height":"128"},{"@type":"WebPage","@id":"https:\/\/www.intego.com\/mac-security-blog\/cross-scripting-vulnerability-in-skype-ios-app-exposes-contact-information\/#webpage","url":"https:\/\/www.intego.com\/mac-security-blog\/cross-scripting-vulnerability-in-skype-ios-app-exposes-contact-information\/","name":"Cross-Scripting Vulnerability in Skype iOS App Exposes Contact Information - The Mac Security Blog","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/cross-scripting-vulnerability-in-skype-ios-app-exposes-contact-information\/#primaryimage"},"datePublished":"2011-09-20T12:39:43+00:00","dateModified":"2011-09-20T12:39:43+00:00","description":"A vulnerability in Skype's iOS app can allow malicious users to copy contact data from people using the app.","breadcrumb":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/cross-scripting-vulnerability-in-skype-ios-app-exposes-contact-information\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.intego.com\/mac-security-blog\/cross-scripting-vulnerability-in-skype-ios-app-exposes-contact-information\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.intego.com\/mac-security-blog\/cross-scripting-vulnerability-in-skype-ios-app-exposes-contact-information\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.intego.com\/mac-security-blog\/"},{"@type":"ListItem","position":2,"name":"Cross-Scripting Vulnerability in Skype iOS App Exposes Contact Information"}]},{"@type":"Article","@id":"https:\/\/www.intego.com\/mac-security-blog\/cross-scripting-vulnerability-in-skype-ios-app-exposes-contact-information\/#article","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/cross-scripting-vulnerability-in-skype-ios-app-exposes-contact-information\/#webpage"},"author":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/d0c16bd0a4dd8f82d91204f400c8d116"},"headline":"Cross-Scripting Vulnerability in Skype iOS App Exposes Contact Information","datePublished":"2011-09-20T12:39:43+00:00","dateModified":"2011-09-20T12:39:43+00:00","mainEntityOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/cross-scripting-vulnerability-in-skype-ios-app-exposes-contact-information\/#webpage"},"wordCount":156,"commentCount":0,"publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/cross-scripting-vulnerability-in-skype-ios-app-exposes-contact-information\/#primaryimage"},"thumbnailUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2011\/04\/skype.png","keywords":["iOS","iPad","iPhone","Skype"],"articleSection":["Security &amp; Privacy","Software &amp; Apps"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.intego.com\/mac-security-blog\/cross-scripting-vulnerability-in-skype-ios-app-exposes-contact-information\/#respond"]}]},{"@type":"Person","@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/d0c16bd0a4dd8f82d91204f400c8d116","name":"Peter James","image":{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/#personlogo","inLanguage":"en-US","url":"https:\/\/secure.gravatar.com\/avatar\/0626bfb4ada576ba5aa775322329ad47?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/0626bfb4ada576ba5aa775322329ad47?s=96&d=mm&r=g","caption":"Peter James"},"url":"https:\/\/www.intego.com\/mac-security-blog\/author\/peter\/"}]}},"jetpack_featured_media_url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2011\/04\/skype.png","jetpack_publicize_connections":[],"jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p4VAYd-Rj","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/3305"}],"collection":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/comments?post=3305"}],"version-history":[{"count":0,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/3305\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media\/2496"}],"wp:attachment":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media?parent=3305"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/categories?post=3305"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/tags?post=3305"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}