Last week, a Yahoo Messenger security update was issued; this update fixed a pretty serious flaw. Now Yahoo's at it again, and it's the same piece of software that's in trouble.(Another) Update For Yahoo Messenger
From the horse's mouth: ''Yahoo! recently identified a security issue, commonly referred to as a buffer overflow in an ActiveX control. This control is part of the Yahoo! services suite typically downloaded with the installer for Yahoo! Messenger.''
Yahoo's official Security Update later continues, ''Some impacts of a buffer overflow might include involuntary log out of a Yahoo! Chat and/or Yahoo! Messenger session, the crash of an application such as Internet Explorer, and in some instances, the introduction of executable code. In this case, these problems could only happen if an attacker successfully lured the Yahoo! Messenger user to view malicious HTML code, most likely by getting a person to visit the attacker's web page.''
Users of Yahoo Messenger would be well advised to download the patch as soon as possible, then, and in the meantime, be more careful than usual.
Still, a small measure of comfort may be taken in the fact that, to the best of Yahoo's knowledge, ''there have been no known malicious executable code exploits related to this issue.'' Also, Yahoo says that the Messenger update is rather small in terms of download time.
Hat tip to ZDNet's Ryan Naraine.
Add this link to...
Tell a friend
Bury
Add to:
| Bookmarks
1 Comment
Comments
"...the introduction of executable code." In case you didn't know, that's a BAD thing! Read on...