Skype for iPhone makes stealing address books a snap
Just add JavaScript
By Dan Goodin in San Francisco
20 September 2011If you use Skype on an iPhone or iPod touch, Phil Purviance can steal your device's address book simply by sending you a chat message.
In a video posted over the weekend, the security researcher makes the attack look like child's play. Type some JavaScript commands into the user name of a Skype account, use it to send a chat message to someone using the latest version of Skype on an iPhone or iPod touch, and load a small program onto a webserver. Within minutes, you'll have a fully-searchable copy of the victim's address book.
...