Skype, one of the most Downloaded and popular App used by iOS users and many more. Skype lets you to connect with you loved ones, lets you make free calls from Skype to Skype. Few months ago Skype for iPad was released.
Today the security firm SuperEVR found something in Skype which is not good for its users. They injected their own exploit which made its way into the iOS App for Skype and revealed something which is not good for people running Skype (3.0.1 Version) on iPhone/iPod.
I found that Skype also improperly defines the URI scheme used by the built-in webkit browser for Skype. Usually you will see the scheme set to something like, “about:blank” or “skype-randomtoken”, but in this case it is actually set to “file://”. This gives an attacker access to the users file system, and an attacker can access any file that the application itself would be able to access.
File system access is partially mitigated by the iOS Application sandbox that Apple has implemented, preventing an attacker from accessing certain sensitive files. However, every iOS application has access to the users Address Book, and Skype is no exception.
Skype says that it is aware of the security issue and it is working on the issue to fix it.
“We are working hard to fix this reported issue in our next planned release which we hope to roll out imminently. In the meantime we always recommend people exercise caution in only accepting friend requests from people they know and practice common sense internet security as always.”
No words are said on the iPad App, whether it is vulnerable or not,but we did found a bug in Skype for iPad App. The bug enables your video without your permission and letting you know. Every new rleeased App got some bugs which needs to be fixed.
How ever Skype for iPad did helped a new father to see his son delivery few weeks back.