Coming off the heels of the Heartbleed bug, a new report on a security flaw called "Covert Redirect" is garnering a lot of media attention--so much that some outlets are referring to it as the next Heartbleed. But is Covert Redirect as bad as Heartbleed? Definitely not.
Is this the next Heartbleed?
Source: http://www.symantec.com/connect/blogs/covert-redirect-flaw-oauth-not-next-heartbleed Symantec Security Response