Skype iOS Bug Can Leak Your ContactsA potentially nasty bug in Skype for iPhone and iPod Touch could lead to your contacts being compromised. Simple solution: Don't open text messages in the chat window, and check for a really quick update.

Beware the Bug

Cross site-scripting vulnerabilities are one of the more popular attacks that hackers use, and work just as well on smartphones as they do on PCs. They usually trick the user into launching code that they think is from a legitimate site, but can be used in other ways.

The finder of this bug discovered that, while most sensitive files on an iPhone are protected by the system, the address book is not and can be accessed and uploaded by this bug. For it to work, you'll have to befriend some stranger who will then want to chat to you.


 Duck and Cover

A fix is due out soon, which should beat out hackers who could start compromising Skype-using PCs and start launching chats with that user's friends (adding an air of legitimacy to the attack) to see who bites.

Supereversec, the person who found the vulnerability, has documented the weakness on his blog and made a video demonstrating the potential attack. Skype said in response to being told of the problem, "We are working hard to fix this reported issue in our next planned release, which we hope to roll out imminently."

So, keep an eye out in the App Store for that update, and say no to strangers.