From the above LifeHacker article...

Another day, another major internet security flaw (step aside, Heartbleed).

That's going way too far. It's understandable that we're all a bit wary after Heartbleed... but the press is always eager to make hay, and I'm tending to believe Mashable's more careful descriptions of the Covert Redirect flaw....

Another Security Flaw Gets the Heartbleed Treatment, But Don't Believe the Hype
Mashable - May 2, 2014
http://mashable.com/2014/05/02/oauth-openid-not-new-heartbleed/ [mashable.com]

My emphasis added...

...Already, we're seeing news organizations report this as the next major web security crisis.

Fortunately, Covert Redirect is not the next Heartbleed. In fact, from what we can ascertain, the Covert Redirect "flaw" isn't even new. Moreover, classifying Covert Redirect as a vulnerability with OAuth 2.0 and OpenID is incorrect.

That isn't to say that a potential problem doesn't exist — it does and we'll discuss how it works — but it is important to understand that this isn't a new discovery and that companies such as LinkedIn, Facebook and Google are already aware of the potential concerns....

It's good to be aware of the potential phishing problem the flaw might create, and to push Facebook and others to come up with a more secure implementation.

A lot of the article has to do with the type of overblown reporting we're likely to see on security matters going forward, which is unfortunate if that makes us blind to real emergencies. Again, this isn't on the Heartbleed level.

I hope we'll see more detail in the coming days.