AOL Radio re-posts security update

AOL Radio may need to turn up the volume to get its users to download the latest security update, or its listeners may tune them out.

AOL Radio re-posted its Unagi plug-in 2.6.2.6 on Friday, but it failed to stress that users running versions of AOL Radio prior to August could be facing a security risk if they didn't download the update.

It turns out that AOL Radio users running version 2.6.1.11 are at risk, said Thomas Chau, who runs the AOL Radio blog. He noted, however, that anyone who downloaded the Unagi plug-in 2.6.2.6 originally posted on the site last fall, or is running the recently released AOL Radio 4.0 beta are safe.

The earlier AOL Radio version contains a security flaw that could allow attackers to compromise users' computers, after viewing a malicious Web site, document, or HTML e-mail, according to a report by the U.S. Computer Emergency Readiness Team (US-CERT) that was released earlier this week.

The security flaw is found in an application, AOLMediaPlaybackControl.exe, that is used by AOL Radio to stream audio in Web pages. But the application contains a stack buffer overflow, according to US-CERT, which could be exploited via the ActiveX control used with the application.