• On CBS MoneyWatch: Report: Tiger to Pay Wife $60 Million
August 17, 2006 2:47 PM PDT

Yahoo fixes Web mail bug

by Joris Evers
  • Font size
  • Print
  • Post a comment
Share

Web giant Yahoo has fixed a security flaw in its Yahoo Mail service that exposed user accounts to cyberattacks.

The flaw involves how Yahoo Mail handles attachments and was discovered in early August by Israeli security company Avnet, according to various online news reports. An attacker could hijack a user's account after a malicious attachment was opened, these reports said.

"Online security issues are taken very seriously at Yahoo. We developed a fix for this bug and deployed it last week," a Yahoo representative said Thursday.

Because Yahoo Mail is a hosted service, users don't have to take any action to be protected against potential attacks that exploit the flaw, the representative said. "There were no documented cases of this vulnerability being exploited prior to our fix being released," the representative said.

The flaw could let an attacker craft an HTML attachment to an e-mail and bypass Yahoo Mail's security filter to execute malicious JavaScript code, according to an IDG News Service report Thursday.

Topics:

Security,

Yahoo

Share:
Digg
Del.icio.us
Reddit
Recent posts from News Blog
Nvidia puts NForce chipset development on hold
Opera 10 browser is here
Neil Young Archives Blu-ray: Rip off?
Acronis revises survey results about backup habits
Acronis miscalculates data on users' bad backup habits
Flickr co-founder presses beta button
Comcast, Sony open retail store
Cox to try coaxing the Internet into submission
Related
Yahoo stopping mobile 'Go' app in 2010
Yahoo brings Facebook Connect into its sites
What's new with Palm WebOS 1.3.1?
The Real Deal 187: Should you buy that warranty?
Yahoo Messenger 10 waves bye to 'beta'
Mozilla issues near-final Thunderbird 3
Buzz Out Loud Podcast 1116: Humanity annoys Natali
Mozilla's e-mail group looks toward the cloud
advertisement

The yogurt makers of tech: Gadgets to avoid

Don't buy these one-trick ponies--unless you like gizmos that gather dust.

Google wants to unclog Net's DNS plumbing

The Net giant, ever eager for a faster Internet, debuts its Google Public DNS service. With it, Google could become even more central to the Net.

About News Blog

Recent posts on technology, trends, and more.

Add this feed to your online news reader

advertisement
advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
Dell
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET