Wednesday, September 21, 2011

iPhone Skype XSS Vulnerability Lets Hackers Steal Phonebook [Video]


A bug in the latest version of Skype for iPhone and iPod touch makes its users vulnerable to having their address book stolen just by viewing a specially crafted message, says AppSec Consulting security researcher Phil Purviance.

The problem is made more exploitable by the way Skype uses the embeddable WebKit browser; Skype developers have set the URI scheme for the embedded browser to "file://". This error allows an attacker to access the file system and read any file that the app would be allowed to read by the iOS application sandbox. One file that every iOS application has access to is the user's SQLlite AddressBook database. In a demonstration of the bugs, Phil Purviance, AppSec Consulting security researcher, showed how it was possible to extract the iPhone address book using the vulnerabilities.

Skype is aware of the issue and is working on a fix. “We are working hard to fix this reported issue in our next planned release, which we hope to roll out imminently,” Skype said in a statement.
 
 

Simple solution: Don't open text messages in the chat window, and check for a really quick update.

1 comments:

No Name said...

SSN FULLZ AVAILABLE

Fresh & valid spammed USA SSN+Dob Leads with DL available in bulk & high credit 700+

>>1$ each SSN+DOB
>>3$ each with SSN+DOB+DL
>>5$ each for premium fullz (700+ credit score with replacement guarantee)

Prices are negotiable in bulk order
Serious buyer contact me no time wasters please
Bulk order will be preferable

CONTACT
Telegram > @leadsupplier
ICQ > 752822040
Email > leads.sellers1212@gmail.com

OTHER STUFF YOU CAN GET

SSN+DOB Fullz
CC's with CVV's (vbv & non-vbv)
USA Photo ID'S (Front & back)

All type of Tools & Tutorials available
(Carding, spamming, hacking, scam page, Cash outs, dumps cash outs)

SQL Injector
Premium Accounts (Netflix, Pornhub, etc)
Paypal Logins
Bitcoin Cracker
SMTP Linux Root
DUMPS with pins track 1 and 2
WU & Bank transfers
Socks, rdp's, vpn
Php mailer
Server I.P's
HQ Emails with passwords
All types of tools & tutorials.. & much more

Looking for long term business
For trust full vendor, feel free to contact

CONTACT
Telegram > @leadsupplier
ICQ > 752822040
Email > leads.sellers1212@gmail.com