Skype Confirms XSS Vulnerability in iPhone App

"An XSS bug in the iPhone and iPad version of the Skype client, in combination with an incorrect WebKit setting, allows an attacker to directly access files on the device, including the user's Address Book. The XSS bug itself is an incorrect encoding of the incoming user's 'Full Name' which allows JavaScript code to be embedded in it."

Please reply back to this ticket if you found this security alert useful.