Yahoo releases critical security patch for IM

By Dawn Kawamoto
Staff Writer, CNET News

6 comments

Yahoo releases critical security patch for IM

Related Stories: Yahoo plugs Messenger hole
April 4, 2007; Yahoo Messenger releases security update
December 15, 2006
Related Blogs: Yahoo IM hit with critical security flaws
News Blog
June 6, 2007

Yahoo has issued a critical security patch for Messenger to address zero-day exploits that take advantage of vulnerabilities in its Webcam ActiveX controls.

The exploits to instant messaging surfaced Wednesday, less than 24 hours after the vulnerabilities were first reported to Yahoo by eEye Digital Security.

Messenger users' computers could be at risk if they visit malicious Web sites or view other malicious HTML code. The attackers could then exploit security flaws in the Yahoo Webcam ActiveX control, a software package that is downloaded with Messenger.

eEye Digital Security discovered the flaw and reported it to Yahoo earlier this week. eEye gave the problem its highest risk rating; fellow security company Secunia did the same, labeling it "extremely critical." Yahoo issued the patch in an update on Thursday.

Yahoo's advisory on the problem states that anyone using a version of Messenger obtained before Friday should download the update.

In December, Yahoo issued a "highly critical" update to address another ActiveX security flaw in Messenger. The vulnerability was found in the ActiveX control for Yahoo's services suite, which could be exploited to launch a buffer overflow attack.

See more CNET content tagged:
eEye Digital Security, Yahoo! Inc., security patch, vulnerability, ActiveX Control

Add a Comment (Log in or register) (6 Comments)

Yahoo!!!!

by wayland.ind June 8, 2007 12:31 PM PDT

i'm surprised yahoo is fast on patching messenger. i know is the
windows version but still. where as for the mac version it has been
in beta1 status for 1 year now; i wonder if they'll keep up to their 3
year schedule for releaseing another version or just kill the project
for good. from what i know they only have 1 developer on their
team. is Yahoo that poor that they can't hire some more people to
speed up the release?

Like this Reply to this comment

Yahoo
by GGGlen June 9, 2007 1:35 PM PDT: Yahoo is the reason I Google; Like this View all 3 replies Hide replies
Processing

No surprise there
by Itsya September 6, 2007 6:34 AM PDT: Well, I posted Yahoo's lack of security in February of 2004 and I am going to leave it there as long as the internet exists because when my Yahoo account got hacked they refused to do anything about it, it was a PAID account too, they managed to find the credit card information and I cancelled it back then, now I only use Yahoo for free and junk mail and NEVER use their IM, never have and never will. They are just too easy to hack. Seems they need to REAL computer professionals with REAL computer engineering degrees from accredited Universities, instead of relying on "gamers/hacker/computer junkies/MS certificates/(no slur intended) to maintain their security and design programs.; Like this Reply to this comment

(6 Comments)

Latest tech news headlines

Adobe releases new Flash, AIR betas
Posted in Deep Tech by Stephen Shankland

November 16, 2009 10:07 PM PST
Crowdsourcing cartography with PublicEarth and OpenStreetMap
Posted in Webware by Rafe Needleman

November 16, 2009 9:00 PM PST
Report: Countries prepping for cyber war
Posted in InSecurity Complex by Elinor Mills

November 16, 2009 9:00 PM PST
See all headlines

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Markets: Market news, charts, SEC filings, and more; Related quotes; Yahoo (0.88%) 0.14 16.07; Dow Jones Industrials (1.33%) 136.49 10,406.96; S&P 500 (1.45%) 15.82 1,109.30; NASDAQ (1.38%) 29.97 2,197.85; CNET TECH (0.88%) 14.01 1,601.19

Inside CNET News

Scroll Left Scroll Right

The Web Services Report
Google scoops up ex-Microsoftie Don Dodge
Microsoft's former director of business development takes a position at Google, evangelizing their technologies to the developer community.
Gallery
Photos: Random Hacks of Kindness
Digital Noise: Music and Tech
Live-music archive to introduce memberships
Wolfgang's Vault to launch membership model: $48 a year will get you $50 (that's right) in merchandise, along with discounted downloads, and a tour of the company's memorabilia-filled headquarters.
Beyond Binary
Paul Allen diagnosed with cancer
The Microsoft co-founder has non-Hodgkin's lymphoma, according to a memo sent by his sister.
Video
Exploratorium's shocking 40th anniversary kicks off
Digital Media
Senate to disclose findings in Web 'mystery charge' probe
Numerous shoppers have traced mystery credit card charges to Webloyalty, Affinion, and Vertrue. Congress will reveal the results at a hearing Tuesday.
Video
A new workout for the Wii
The Social
Oxford's word of the year? 'Unfriend'
The ubiquitous Digital Age insult, brought into the mainstream with the rise of Facebook, is the dictionary's top term of 2009.
The Space Shot
Shuttle Atlantis takes off on station delivery mission
The shuttle Atlantis rockets into orbit on a three-spacewalk mission to deliver 15 tons of spare parts and other equipment to protect against failures after the shuttle is retired.
Gallery
Photos: Top-rated reviews of the week
Deep Tech
Adobe releases new Flash, AIR betas
Flash Player 10.1 gets a hardware video boost, and AIR 2 gets tighter integration with desktop computing resources such as USB drives and multitouch interfaces.
Green Tech
Solar-power start-up Ausra looks to sell itself
Discussions are at a "very aggressive level" with global conglomerates, source tells Reuters. Sale would add to a string of recent deals and growing consolidation in the solar-power industry.