August 17, 2006 2:47 PM PDT

Yahoo fixes Web mail bug

by Joris Evers

Web giant Yahoo has fixed a security flaw in its Yahoo Mail service that exposed user accounts to cyberattacks.

The flaw involves how Yahoo Mail handles attachments and was discovered in early August by Israeli security company Avnet, according to various online news reports. An attacker could hijack a user's account after a malicious attachment was opened, these reports said.

"Online security issues are taken very seriously at Yahoo. We developed a fix for this bug and deployed it last week," a Yahoo representative said Thursday.

Because Yahoo Mail is a hosted service, users don't have to take any action to be protected against potential attacks that exploit the flaw, the representative said. "There were no documented cases of this vulnerability being exploited prior to our fix being released," the representative said.

The flaw could let an attacker craft an HTML attachment to an e-mail and bypass Yahoo Mail's security filter to execute malicious JavaScript code, according to an IDG News Service report Thursday.

Topics:: Security,; Yahoo

Share:: Digg; Del.icio.us; Reddit; Facebook

About News Blog

Recent posts on technology, trends, and more.

Add this feed to your online news reader

Inside CNET News

Scroll Left Scroll Right

Business Tech
Week in review: Google goes after Microsoft with OS
The Web search giant announces plan to move into the operating system business, while Facebook looks to future fortunes. Also: T-Mobile's iPhone challenger.
Gallery
Photos: The surface of the moon, here on Earth
The Open Road
Firefox, Mac OS 9, and the power of open source
One of the benefits of open source is that it gives users control of their destiny, as a port of Firefox to Mac OS 9, called "Classilla,'" suggests.
Beyond Binary
Microsoft hopes users see the (Silver) light
At an event in San Francisco, Microsoft launches the latest version of Silverlight, its would-be rival to Adobe's Flash.
Video
Video: iPhone 3G S launch in New York City
CNET News Daily Podcast
CNET News Daily Podcast: Navigating the new Toyota Prius
The 2010 Toyota Prius is out, and CNET News Martin LaMonica is one of the few Americans to own one. He shares his experiences so far.
Video
A recipe for high-tech chocolate
Geek Gestalt
Road Trip pic of the day, 7/10: What is it? Who made it?
This artwork is in Utah, near the Nevada border. For today's Road Trip picture of the day challenge, be the first to tell me what it is and who the artist is, and you win a prize.
Cutting Edge
Americans see science as lagging here
The public appreciates scientific advancement but thinks the U.S. has fallen from its pedestal, according to a new Pew survey. Scientists, ahem, disagree.
Gallery
Images: The many faces of the smart grid
MP3 Insider
Using a non-iPod MP3 player on a Mac
CNET's Donald Bell offers some tips on how to use a Mac with MP3 players other than the Apple iPod.
Green Tech
Chasing the Toyota Prius' 50-mpg nirvana
CNET News' Martin LaMonica, an early buyer of the 2010 Toyota Prius, finds that the car gets good mileage but there's clearly more to learn.

Yahoo fixes Web mail bug

Security,

Yahoo

Report offensive content:

E-mail this comment to a friend.

Warning! You will be deleting this comment and all its replies (if applicable).

Most Popular

Can RIM get its mojo back?

With Chrome, Google reignites the OS wars

About News Blog

Inside CNET News