Security Alerts & News
by Tymoteusz A. Góral

History
#636 Adobe patches DOM-XSS flaw in analytics AppMeasurement for Flash library
Adobe today patched a vulnerability in the Adobe Analytics AppMeasurement for Flash library, which can be added to Flash projects to measure the usage of Flash-based content.

The vulnerability is a DOM-based cross-site scripting flaw that can be abused for cookie theft, said researcher Randy Westergren Jr., who privately disclosed the issue to Adobe.

Unlike traditional cross-site scripting exploits, where a payload is dropped onto a page in response to a HTTP(S) request, DOM-based XSS attacks modify the DOM environment in the browser used by client-side script, and malicious code affects the execution client-side code contained on a site, according to OWASP.
Read more
#638 Cisco patches Denial-of-Service flaws across three products
#637 UK intel agencies spy indiscriminately on millions of innocent folks
#636 Adobe patches DOM-XSS flaw in analytics AppMeasurement for Flash library
#635 Opera bundles free, unlimited VPN client into its browser
#634 Test of telephone support services for Windows consumer security software 2016 (PDF)
#633 Sony trots out 2-factor authentication 5 years after breach
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12