An XSS bug in the iPhone and iPad version of Skype allows an attacker to directly access files on the device, including the user’s Address Book. The bug is an incorrect encoding of the incoming user’s “Full Name” which allows JavaScript code to be embedded in it. The problem is made more exploitable by the way Skype uses the embeddable WebKit browser. An update to fix the bug is expected to be released early in September, according to security researcher Phil Purviance. Skype has confirmed there is an issue and said it is working hard to fix it.”]