Yahoo plugs Messenger hole

By Joris Evers
Staff Writer, CNET News

Related Stories: Yahoo Mail integrates IM
February 12, 2007; Yahoo's IM update: A Trojan horse of surprises
December 15, 2006; Yahoo Messenger releases security update
December 15, 2006

Yahoo this week released an updated version of its instant messaging application to fix a vulnerability in the audio conferencing feature. If exploited, the security hole could give an attacker full control over a Windows computer running the vulnerable software, Yahoo said on its Web site. All versions of Yahoo Messenger downloaded before March 13 are affected, the company said.

For a hack to succeed an attacker would have to trick a Yahoo Messenger user into viewing a malicious Web page, Yahoo said. The flaw lies in an ActiveX control, a small program that can typically be invoked from Internet Explorer. Yahoo will notify its users to install the update over the next several weeks, the company said.

See more CNET content tagged:
audioconferencing, Yahoo! Inc., Yahoo IM, security

Add a Comment (Log in or register)

Yahoo for Mac OS 10
by wayland.ind April 4, 2007 7:04 PM PDT: i wonder when yahoo is going to have an active development team for their Macintosh messenger.
it's ridiculous to see them releasing an update every 3 years. i hope MSFT makes the next MSN version so you can communicate with yahoo users.; Like this Reply to this comment

Latest tech news headlines

New Apple ads to Verizon: Can Droid do this?
Posted in Technically Incorrect by Chris Matyszczyk

November 23, 2009 5:45 PM PST
Charlie the robot joins rest home staff
Posted in Crave by Leslie Katz

November 23, 2009 5:17 PM PST
Millions using social media on Xbox Live
Posted in Geek Gestalt by Daniel Terdiman

November 23, 2009 5:02 PM PST
See all headlines

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Markets: Market news, charts, SEC filings, and more; Related quotes; Yahoo (0.00%) 0.00 15.45; Dow Jones Industrials (0.00%) 0.00 10,450.95; S&P 500 (0.00%) 0.00 1,106.24; NASDAQ (0.00%) 0.00 2,176.01; CNET TECH (0.00%) 0.00 1,604.16

Inside CNET News

Scroll Left Scroll Right

Business Tech
HP reports in-line earnings, raises 2010 outlook
Company reports earnings of $1.14 per share on $30.8 billion in sales, and it forecasts earnings of $1.03 to $1.05 per share on sales of $29.6 billion to $29.9 billion.
Gallery
Top-rated reviews of the week (photos)
Technically Incorrect
New Apple ads to Verizon: Can Droid do this?
Apple decides to fight back against Verizon and Droid advertising. With simple product demonstrations, it asks just how much doing Droid can really do.
Beyond Binary
Windows 8 in 2012?
It's not clear what Microsoft's desktop plans are, but the Windows Server team included slides at PDC suggesting a new major release coming around 2012.
Video
Google Chrome OS demonstration
Technically Incorrect
Police arrest exec for not using Twitter
After singer Justin Bieber does not appear at a Long Island mall, police ask a record label veep to tweet encouragement for the crowd to disperse. He allegedly doesn't and is thus arrested.
Video
Google Chrome OS unveiling
Geek Gestalt
Millions using social media on Xbox Live
Microsoft has released its first figures on how well Facebook, Twitter, and Last.fm have done on Xbox Live. They show substantial, though not huge, engagement.
Digital Media
IBM taps into group language translation
IBM employees are testing n.Fluent, software that can instantly translate documents between English and 11 other languages.
Gallery
Home energy displays show you the juice (photos)
Fully Equipped
Top 15 Black Friday tech deals
With tons of so-called Black Friday bargains out there, we thought we'd take a moment to sort through all the junk and surface some real deals. Check out our top picks.
Green Tech
Time short to agree on smart-grid standards
The next phase of smart-grid standards is due to start next year but vendors pushing their own home networking options threatens to slow the process, says a NIST official.