Google patches Buzz for Mobile security flaw

A cross-site scripting vulnerability that could have allowed attackers to hijack Google Buzz accounts was quickly patched Tuesday after it was made public.

It has been a rough week for the Google Buzz team.

The fiasco over Buzz's privacy settings is starting to die down now that Google has made several changes, but security experts Tuesday discovered that the Buzz for Mobile service contained a flaw that could allow hackers to run their own code on Google Buzz accounts.

Google has already patched the flaw, which was reported by SecTheory. It was a cross-site scripting vulnerability, which could have allowed an attacker to hijack a Buzz account or run a phishing scam.

Google released a statement regarding the flaw. "We fixed a vulnerability that could have affected users of Google Buzz for mobile on February 16th, hours after it was reported to us. We have no indication that the vulnerability was actively abused. We understand the importance of our users' security, and we are committed to further improving the security of Google Buzz."

Featured Video
6
This content is rated TV-MA, and is for viewers 18 years or older. Are you of age?
Sorry, you are not old enough to view this content.

Acer introduces a stackable, modular PC

Acer intros a modular PC; the PS4's next update is a big one; why renting cable boxes is crazy; and Google's war on full-screen mobile ads.

by Jeff Bakalar