Trillian critical security update released

By Dawn Kawamoto
Staff Writer, CNET News

5 comments

Trillian critical security update released

Related Stories: Trillian IM flaw exposed
March 25, 2005; RIM to bring AOL, Yahoo IMs to BlackBerry
March 14, 2005

Cerulean Studios on Monday released a "highly critical" security update for its Trillian multi-protocol chat software.

Attackers could exploit vulnerabilities in the character encoding for Trillian 3.1.5.1--specifically, the word-wrapping handling of UTF-8, the Unicode Transformation Format used for encoding characters in e-mail, instant messages and Web pages, iDefense Labs warned in its security advisory. The vulnerabilities potentially could affect earlier versions of the Trillian software as well, iDefense said.

Trillian, which supports Yahoo's Instant Messenger, AOL's AIM, MSN Messenger, and Internet-relay chat and ICQ ("I seek you") instant-messaging protocols, could be exploited if users view a malicious message containing an unusually long UTF-8 string. Attackers could then potentially launch a buffer overflow and remotely gain control of a user's system, according to Secunia, which rates the security flaws as "highly critical."

Cerulean Studios has released an update, version 3.1.6.0, to Trillian. iDefense noted that while it identified the MSN protocol as a potential attack vector for the vulnerabilities, other supported protocols may be vulnerable.

See more CNET content tagged:
Cerulean Studios, Trillian, iDefense, security update, vulnerability

Add a Comment (Log in or register) (5 Comments)

Geeze...

by jelloburn June 19, 2007 10:06 AM PDT

I'm so tired of c|net hating on Trillian. Every time something bad
happens to Trillian, they jump all over it and point out it's flaws!

It's almost like their bias against Windows Vista AND Mac OS X...

I hope somebody found the sarcasm in this post.

Reply to this comment

Easy there tiger
by ittesi259 June 19, 2007 2:04 PM PDT: Being an everyday user of trillian I do appreciate somebody mentioning there is a potential major security flaw. Now if my trillian doesn't auto update I can take care of it myself. Thank you CNet for the heads up.

I got it
by dburr13 June 19, 2007 4:36 PM PDT: Hilarious and true...Flaw denial is rampant here...I actually saw one person say that a patch to one particular system should be referred to as "an improvement"

Reporting flaws is okay.
by Macsaresafer June 20, 2007 5:12 AM PDT: Leaving out important details to create as much fear as possible
is not okay.

This article is yet another example of reporting a threat and
omitting any information that might indicate who is really
vulnerable. What operating systems are affected? We can only
assume from C/net's reporting history that this doesn't affect
Macs, because if it did, Macs would be specifically and
prominently mentioned. We can also assume that it affects
several versions of Windows, but probably not Linux or other
Unix like systems.

By leaving out information on affected operating systems, C/net
creates the false impression that everyone is vulnerable to every
security flaw in every application, no matter what OS they're
using.

Nice begening
by lyr32 June 24, 2007 2:49 AM PDT: Nice begening: "Cerulean Studios on Monday released a "highly critical" security update for its Trillian multi-protocol chat software.
"

Nicso - http://www.lyricsrec.com/lyrics/billy-joel/index.php
http://www.lyricsrec.com/lyrics/brandy/index.php; Reply to this comment

(5 Comments)

Latest tech news headlines

Find the right internship with these tools
Posted in Webware by Don Reisinger

July 6, 2009 2:56 PM PDT
Microsoft opens Hohm to energy monitoring
Posted in Green Tech by Martin LaMonica

July 6, 2009 2:24 PM PDT
Windows 7 testers have long path to upgrade
Posted in Beyond Binary by Ina Fried

July 6, 2009 1:41 PM PDT
See all headlines

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Markets: Market news, charts, SEC filings, and more; Related quotes; Dow Jones Industrials (0.53%) 44.13 8,324.87; S&P 500 (0.26%) 2.30 898.72; NASDAQ (-0.51%) -9.12 1,787.40; CNET TECH (67.49%) 519.65 1,289.66

Inside CNET News

Scroll Left Scroll Right

Business Tech
EMC raises bid for Data Domain
In the battle for Data Domain, EMC increases its bid to $33.50 per share in cash and says its offer is "clearly superior" to NetApp's bid.
Gallery
Photos: 'Train warriors, test weapons'
Technically Incorrect
Craigslist, eBay fighting Michael Jackson scalpers
Craigslist and eBay are full of offers of tickets to the pop singer's memorial service--some with an asking price of thousands of dollars for a pair. But are the tickets worth anything?
Beyond Binary
Windows 7 testers have long path to upgrade
Moving from the test to final version of the operating system is not as easy as just forking over the money. In some cases, two installations are required.
Video
Video: iPhone 3G S launch in New York City
Wireless
Report: DOJ looks into telecom dominance
The Wall Street Journal reported Monday that the Department of Justice is reviewing potential anticompetitive practices by large phone companies.
Video
A recipe for high-tech chocolate
The Social
Andreessen: Facebook revenue to top $500 million in '09
The Netscape founder, a member of Facebook's board of directors, says the social network has the potential to be a billion-dollar company already.
Cutting Edge
Large Hadron Collider grid stress-tested
The tests, which were deemed a success, threw huge amounts of data at the grid that will process information from the collider.
Gallery
Photos: Spiral Jetty, Robert Smithson's wondrous earthwork
Webware
Find the right internship with these tools
If you're looking for an internship, start with these resources. From search tools to ratings, you'll find everything you need.
Green Tech
Microsoft opens Hohm to energy monitoring
Can a slick Web application give you decent advice on cutting your home energy use? Based on a first look at Microsoft Hohm, CNET News' Martin LaMonica says yes.