June 8, 2007 7:48 AM PDT

Yahoo releases critical security patch for IM

Yahoo releases critical security patch for IM
Related Stories

Yahoo plugs Messenger hole

April 4, 2007

Yahoo Messenger releases security update

December 15, 2006
Related Blogs

Yahoo IM hit with critical security flaws

June 6, 2007
Yahoo has issued a critical security patch for Messenger to address zero-day exploits that take advantage of vulnerabilities in its Webcam ActiveX controls.

The exploits to instant messaging surfaced Wednesday, less than 24 hours after the vulnerabilities were first reported to Yahoo by eEye Digital Security.

Messenger users' computers could be at risk if they visit malicious Web sites or view other malicious HTML code. The attackers could then exploit security flaws in the Yahoo Webcam ActiveX control, a software package that is downloaded with Messenger.

eEye Digital Security discovered the flaw and reported it to Yahoo earlier this week. eEye gave the problem its highest risk rating; fellow security company Secunia did the same, labeling it "extremely critical." Yahoo issued the patch in an update on Thursday.

Yahoo's advisory on the problem states that anyone using a version of Messenger obtained before Friday should download the update.

In December, Yahoo issued a "highly critical" update to address another ActiveX security flaw in Messenger. The vulnerability was found in the ActiveX control for Yahoo's services suite, which could be exploited to launch a buffer overflow attack.

See more CNET content tagged:
eEye Digital Security, Yahoo! Inc., security patch, vulnerability, ActiveX Control


Join the conversation!
Add your comment
i'm surprised yahoo is fast on patching messenger. i know is the
windows version but still. where as for the mac version it has been
in beta1 status for 1 year now; i wonder if they'll keep up to their 3
year schedule for releaseing another version or just kill the project
for good. from what i know they only have 1 developer on their
team. is Yahoo that poor that they can't hire some more people to
speed up the release?
Posted by wayland.ind (20 comments )
Reply Link Flag
Yahoo is the reason I Google
Posted by GGGlen (491 comments )
Link Flag
No surprise there
Well, I posted Yahoo's lack of security in February of 2004 and I am going to leave it there as long as the internet exists because when my Yahoo account got hacked they refused to do anything about it, it was a PAID account too, they managed to find the credit card information and I cancelled it back then, now I only use Yahoo for free and junk mail and NEVER use their IM, never have and never will. They are just too easy to hack. Seems they need to REAL computer professionals with REAL computer engineering degrees from accredited Universities, instead of relying on "gamers/hacker/computer junkies/MS certificates/(no slur intended) to maintain their security and design programs.
Posted by Itsya (7 comments )
Reply Link Flag

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot



RSS Feeds

Add headlines from CNET News to your homepage or feedreader.