Yahoo fixes Web mail bug

Web giant Yahoo has fixed a security flaw in its Yahoo Mail service that exposed user accounts to cyberattacks.

The flaw involves how Yahoo Mail handles attachments and was discovered in early August by Israeli security company Avnet, according to various online news reports. An attacker could hijack a user's account after a malicious attachment was opened, these reports said.

"Online security issues are taken very seriously at Yahoo. We developed a fix for this bug and deployed it last week," a Yahoo representative said Thursday.

Because Yahoo Mail is a hosted service, users don't have to take any action to be protected against potential attacks that exploit the flaw, the representative said. "There were no documented cases of this vulnerability being exploited prior to our fix being released," the representative said.

The flaw could let an attacker craft an HTML attachment to an e-mail and bypass Yahoo Mail's security filter to execute malicious JavaScript code, according to an IDG News Service report Thursday.