Yahoo plugs Messenger hole

New version of Yahoo Messenger fixes a security vulnerability in the audio conferencing feature.

Yahoo this week released an updated version of its instant messaging application to fix a vulnerability in the audio conferencing feature. If exploited, the security hole could give an attacker full control over a Windows computer running the vulnerable software, Yahoo said on its Web site. All versions of Yahoo Messenger downloaded before March 13 are affected, the company said.

For a hack to succeed an attacker would have to trick a Yahoo Messenger user into viewing a malicious Web page, Yahoo said. The flaw lies in an ActiveX control, a small program that can typically be invoked from Internet Explorer. Yahoo will notify its users to install the update over the next several weeks, the company said.

Tags:
Security
About the author

    Joris Evers covers security.

     

    Discuss Yahoo plugs Messenger hole

    Conversation powered by Livefyre

    Show Comments Hide Comments
    Latest Articles from CNET
    The other analog format: Cassette tape decks have never been cheaper to buy