Yahoo releases critical security patch for IM

By Dawn Kawamoto
Staff Writer, CNET News

Share
- Digg
- Del.icio.us
- Reddit
- Facebook
- Google
- Newsvine
- Yahoo! Bookmarks
- Twitter
- Stumbleupon
E-mail
Print

Yahoo releases critical security patch for IM

Related Stories: Yahoo plugs Messenger hole
April 4, 2007; Yahoo Messenger releases security update
December 15, 2006
Related Blogs: Yahoo IM hit with critical security flaws
News Blog
June 6, 2007

Yahoo has issued a critical security patch for Messenger to address zero-day exploits that take advantage of vulnerabilities in its Webcam ActiveX controls.

The exploits to instant messaging surfaced Wednesday, less than 24 hours after the vulnerabilities were first reported to Yahoo by eEye Digital Security.

Messenger users' computers could be at risk if they visit malicious Web sites or view other malicious HTML code. The attackers could then exploit security flaws in the Yahoo Webcam ActiveX control, a software package that is downloaded with Messenger.

eEye Digital Security discovered the flaw and reported it to Yahoo earlier this week. eEye gave the problem its highest risk rating; fellow security company Secunia did the same, labeling it "extremely critical." Yahoo issued the patch in an update on Thursday.

Yahoo's advisory on the problem states that anyone using a version of Messenger obtained before Friday should download the update.

In December, Yahoo issued a "highly critical" update to address another ActiveX security flaw in Messenger. The vulnerability was found in the ActiveX control for Yahoo's services suite, which could be exploited to launch a buffer overflow attack.

See more CNET content tagged:
eEye Digital Security, security patch, Yahoo! Inc., vulnerability, ActiveX Control

Add a Comment (Log in or register) 6 comments

Yahoo!!!!
by wayland.ind June 8, 2007 12:31 PM PDT: i'm surprised yahoo is fast on patching messenger. i know is the
windows version but still. where as for the mac version it has been
in beta1 status for 1 year now; i wonder if they'll keep up to their 3
year schedule for releaseing another version or just kill the project
for good. from what i know they only have 1 developer on their
team. is Yahoo that poor that they can't hire some more people to
speed up the release?; Reply to this comment View reply
Processing

No surprise there
by Itsya September 6, 2007 6:34 AM PDT: Well, I posted Yahoo's lack of security in February of 2004 and I am going to leave it there as long as the internet exists because when my Yahoo account got hacked they refused to do anything about it, it was a PAID account too, they managed to find the credit card information and I cancelled it back then, now I only use Yahoo for free and junk mail and NEVER use their IM, never have and never will. They are just too easy to hack. Seems they need to REAL computer professionals with REAL computer engineering degrees from accredited Universities, instead of relying on "gamers/hacker/computer junkies/MS certificates/(no slur intended) to maintain their security and design programs.; Reply to this comment

Latest tech news headlines

IBM invests in business partners' training
Posted in News - Business Tech by Colin Barker

October 11, 2008 5:01 PM PDT
Navy charters kite-powered cargo ship to deliver equipment
Posted in Military Tech by Mark Rutherford

October 11, 2008 11:03 AM PDT
FCC report negates free Internet interference claims
Posted in News - Wireless by Michelle Meyers

October 11, 2008 10:41 AM PDT
See all headlines

Resource center from News.com sponsors

You Need The Speed of Norton 2009

Introducing Norton Internet Security™2009

With one-click, one-minute install, under 8MB of memory usage and fewer, shorter scans, it's the fastest security suite anywhere. Norton. Smart Security, Engineered for Speed. Get a FREE trial today!

The Fastest Security Suite Anywhere

Experience the revolutionary Norton Internet Security™ 2009. With Norton™ Insight, a new feature, you get precision security that targets only at risk files for fewer, faster, shorter scans

Win a Trip to Space!*

Enter the Blast Off with Norton Sweepstakes for your shot at a trip to space. You could experience being fast and weightless, just like the new Norton 2009. *No purchase necessary; click for full details.

FREE Trial!

Act now to get your FREE trial of Norton Internet Security 2009. Try it for the protection. Love it for the speed

Norton Safe Web NEW!

A community-based system that rates web site safety

Norton Labs NEW!

Users can download new security technologies and share input directly with developers. Help us shape our future products!

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Inside CNET News

Scroll Left Scroll Right

News - Business Tech
IBM invests in business partners' training
A business development fund aims to encourage its largest partners to take up more skills training around data centers.
Gallery
Photos: Top 10 reviews of the week
Military Tech
Navy charters kite-powered cargo ship to deliver equipment
The use of this new breed of sailing ship could reduce fuel costs by 20 to 30 percent, according to the ship's owners.
Coop's Corner
Ellison's mantra: Spend, baby, spend
It may be hell out there, but Oracle's chief tells shareholders the company still intends to shop for more acquisitions.
Video
Sprint launches Xohm WiMax
News - Wireless
FCC report negates free Internet interference claims
Report from commission engineers boosts plan to auction spectrum for free wireless Internet by dismissing concerns it would interfere with existing providers' signals.
Video
Talking with Newt Gingrich on tech, bailout
News - Politics and Law
President signs broadband data collection bill
The Broadband Data Act encourages wider collection of information regarding nationwide access to broadband.
News - Cutting Edge
Academics sink teeth into Yahoo search service
Yahoo hopes its Build Your Own Search Service program has piqued the interest of academic researchers. Next stop: start-ups.
Gallery
Photos: Cracking open Apple's revamped iPod Nano
Crossfade
Crooked Fingers, 'Phony Revolutions': Free MP3 of the Day
Download a free MP3 of "Phony Revolutions" courtesy of CNET Download Music.
Green Tech
Urban wind power inspired by ancient Persia
The shape of urban wind power continues to morph. The latest twist come from Windation, a company with a design inspired by centuries-old "wind catchers."