Skip to content

Gotham Security Daily Threat Alerts

by on June 13, 2014

June 12, The Register – (International) Sealed with an XSS: I gave TweetDeck a heart attack, says teen comp sci boff Firo. A computer science student who identified a basic cross-site scripting (XSS) flaw in Twitter’s TweetDeck client stated that the vulnerability was spotted while experimenting with the HTML heart-symbol character. The vulnerability caused Twitter to shut down the TweetDeck client for some users due to others abusing the XSS vulnerability. Source

June 12, The Register – (International) Poison PDF pusher released to public. A security researcher released a tool developed as part of a penetration testing exploit kit which allows users to easily create malicious PDF documents with URL pointers added to them. Only unpatched systems were likely to be affected. Source

June 11, Securityweek – (International) Twitter fixes TweetDeck XSS security vulnerability. Twitter disabled its TweetDeck app for about an hour June 11 after a cross-site scripting (XSS) vulnerability was discovered that could allow XSS to be executed by viewing a specially-crafted tweet. Researchers at Rapid7 reported that the issue primarily affected users of the TweetDeck plugin for Chrome. Source

June 11, Securityweek – (International) Chrome, Firefox updates address security vulnerabilities. Google released an update for its Chrome browser, closing four security vulnerabilities. Mozilla also released an update for its Firefox browser, which closed seven vulnerabilities, five of which were rated as critical. Source

June 11, Securityweek – (International) Adobe issues security updates for Flash Player, AIR. Adobe released updates for several versions of its Flash Player and AIR products June 10, including updates for Flash Player for Windows and Mac OS X which were rated as high priority due to current or potential attacks exploiting those vulnerabilities. Source

 

From → Security

Comments are closed.

%d bloggers like this: