A vulnerability in the dedicated Skype application for Apple’s iPods and iPhones lets attackers steal contact information simply by sending a malicious message.
Security researcher Phil Purviance warned Skype about the vulnerability on August 24th and shared his findings with the public on September 19th, according to an SMH report. By exploiting the vulnerability, Skype friends can send a text message harbouring malicious code to a target and steal their entire address book.
When the victim simply views the message, their address book is uploaded behind the scenes, leaving them oblivious that a hack is taking place on their beloved phone.
Taking to Twitter, Purviance said Skype was working to release an update that would patch the hole sometime this month. The publisher of Skype’s website recognised the issue and said they’re “working hard” on a fix, which they hope “to roll out imminently.”
“In the meantime we always recommend people exercise caution in only accepting friend requests from people they know and practice common sense internet security as always.”
Purviance noted that the vulnerability affects Skype version 3.0.1 and earlier releases. On YouTube, he posted a proof-of-concept video documenting an exploit of the software vulnerability.