A bug in the latest version of Skype for iPhone and iPod touch makes its users vulnerable to having their address book stolen just by viewing a specially crafted message. The problem is made more exploitable by the way Skype uses the embeddable WebKit browser. AppSec Consulting security researcher Phil Purviance shows how it was possible to extract the iPhone address book using the vulnerabilities. Skype is aware of the issue and is working on a fix, but says it will roll out imminently.
Source: https://thehackernews.com/2011/09/iphone-skype-xss-vulnerability-lets.html