Skype for iOS contains an XSS vulnerability that allows attackers to steal information.
A Cross-Site Scripting vulnerability exists in the "Chat Message" window in Skype 3.0.1 and earlier versions for iPhone and iPod Touch devices.
File system access is partially mitigated by the iOS Application sandbox that Apple has implemented, preventing an attacker from accessing certain sensitive files. However, every iOS application has access to the user's AddressBook, and Skype is no exception. I created a proof of concept injection and attack that shows that a user's AddressBook can indeed be stolen from an iPhone or iPod Touch with this vulnerability.
To further demonstrate the issue, I have recorded a video of this scenario. Please use the comments section below for your questions.
Update! 2/24/2012 I found out that the latest versions of Firefox and Chrome now give error messages instead of preferring the first or second header. This is probably the safest way to handle the situation, since this trick can really only be used for evil }:)
Where does your browser send you when the HTTP Response contains two location headers?
| Browser | Result |
|---|---|
| FIREFOX > 7 | ERROR |
| CHROME ≥ 16 | ERROR |
| CHROME < 16 | YAHOO |
| INTERNET EXPLORER 6/7/8 | YAHOO |
| OPERA MINI ON IPHONE | YAHOO |
| FIREFOX 3.6.15 TO 6.0 | |
| MOBILE SAFARI IOS 4.3.5 | |
| MOBILE FIREFOX FOR ANDROID | |
| HP TOUCHPAD (WEBOS) | |
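
Because clients disagree on which Location header to follow, a proxy, scanner or test suite can flag the ambiguity before any browser sees it. The following check is an added example, not code from the original post: it parses a raw HTTP response and reports conflicting Location headers together with what a first-wins and a last-wins client would follow. The function names and the sample response (with placeholder hosts) are constructed for illustration.

```python
# Added example: flag HTTP responses that carry conflicting Location headers.
# SAMPLE_RESPONSE is constructed; the hosts in it are placeholders.

SAMPLE_RESPONSE = (
    b"HTTP/1.1 302 Found\r\n"
    b"Location: http://first.example/\r\n"
    b"Content-Length: 0\r\n"
    b"location: http://second.example/\r\n"
    b"\r\n"
)


def location_headers(raw: bytes) -> list:
    """Return every Location value in the header block, in wire order."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    values = []
    for line in head.split(b"\r\n")[1:]:      # skip the status line
        if line[:1] in (b" ", b"\t"):         # obsolete folded continuation
            continue
        name, sep, value = line.partition(b":")
        # Header names are case-insensitive, so compare in lower case.
        if sep and name.strip().lower() == b"location":
            values.append(value.strip().decode("latin-1"))
    return values


def check_redirect(raw: bytes) -> dict:
    """Report whether the response's Location headers disagree."""
    values = location_headers(raw)
    distinct = list(dict.fromkeys(values))    # de-duplicate, keep order
    if not values:
        verdict = "no-redirect"
    elif len(distinct) == 1:
        verdict = "ok"
    else:
        verdict = "conflict"                  # clients may follow different targets
    return {
        "verdict": verdict,
        "first_wins": values[0] if values else None,
        "last_wins": values[-1] if values else None,
        "count": len(values),
    }


if __name__ == "__main__":
    print(check_redirect(SAMPLE_RESPONSE))
```

A "conflict" verdict is the case in which the newer Firefox and Chrome versions in the table return an error rather than picking a header.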