Yahoo plugs Messenger hole

New version of Yahoo Messenger fixes a security vulnerability in the audio conferencing feature.

Yahoo this week released an updated version of its instant messaging application to fix a vulnerability in the audio conferencing feature. If exploited, the security hole could give an attacker full control over a Windows computer running the vulnerable software, Yahoo said on its Web site. All versions of Yahoo Messenger downloaded before March 13 are affected, the company said.

For a hack to succeed an attacker would have to trick a Yahoo Messenger user into viewing a malicious Web page, Yahoo said. The flaw lies in an ActiveX control, a small program that can typically be invoked from Internet Explorer. Yahoo will notify its users to install the update over the next several weeks, the company said.

About the author

    Joris Evers covers security.


    Discuss Yahoo plugs Messenger hole

    Conversation powered by Livefyre

    Show Comments Hide Comments
    Latest Articles from CNET
    The other analog format: Cassette tape decks have never been cheaper to buy