A bug in the latest version of Skype for iPhone and iPod touch makes its users vulnerable to having their address book stolen just by viewing a specially crafted message, says AppSec Consulting security researcher Phil Purviance.
According to a German researcher, an XSS bug in the latest (188.8.131.52) Skype version for Windows could allow attackers to inject malicious code into users' phone sessions and ultimately even hijack their computers.
Because exploiting a single SQL injection vulnerability or cross-site scripting (XSS) error in any web application could take down an organization’s entire software infrastructure, there is tremendous pressure to adopt quicker, more scalable approaches to application security.
A vulnerability has been reported in IBM WebSphere Portal, which can be exploited by malicious people to conduct cross-site scripting attacks, according to Secunia.
With the trend of targeted cyber attacks along with the exploitation of common vulnerabilities such as SQL injection, it is clear that the core software infrastructure of several critical industries remains extremely vulnerable.