InfoSecurus, Inc. Discovers Flaw in IBM’s Software
September 1, 2011
During a recent penetration testing engagement for a client in the Midwest, the InfoSecurus testing team discovered a previously unidentified vulnerability in a popular IBM mobile application. If successfully exploited, this type of Cross-Site Scripting (XSS) vulnerability may allow an attacker to gain control of the user’s computer or harvest login credentials.
IBM has been notified of this vulnerability and has indicated that a fix will be released in the near future. “The impact of XSS can certainly pose a significant security risk depending on the sensitivity of the data and other factors. Consistent monitoring and testing practices are critical components of any well-executed information security program,” said Eugene Slobodzian, PhD, Security Testing Practice Director at InfoSecurus. The discovery was the result of a targeted application penetration methodology conducted by qualified domain experts at InfoSecurus.


