Yahoo releases critical security patch for IM

Patch for Messenger addresses zero-day exploits that take advantage of vulnerabilities in its Webcam ActiveX controls.

Yahoo has issued a critical security patch for Messenger to address zero-day exploits that take advantage of vulnerabilities in its Webcam ActiveX controls.

The exploits to instant messaging surfaced Wednesday, less than 24 hours after the vulnerabilities were first reported to Yahoo by eEye Digital Security.

Messenger users' computers could be at risk if they visit malicious Web sites or view other malicious HTML code. The attackers could then exploit security flaws in the Yahoo Webcam ActiveX control, a software package that is downloaded with Messenger.

eEye Digital Security discovered the flaw and reported it to Yahoo earlier this week. eEye gave the problem its highest risk rating; fellow security company Secunia did the same, labeling it "extremely critical." Yahoo issued the patch in an update on Thursday.

Yahoo's advisory on the problem states that anyone using a version of Messenger obtained before Friday should download the update.

In December, Yahoo issued a "highly critical" update to address another ActiveX security flaw in Messenger. The vulnerability was found in the ActiveX control for Yahoo's services suite, which could be exploited to launch a buffer overflow attack.

Featured Video
6
This content is rated TV-MA, and is for viewers 18 years or older. Are you of age?
Sorry, you are not old enough to view this content.

New Google OnHub router is one of a kind

Reviewing the search giant's sleek and super-cool OnHub home router (while totally and completely trusting Google with personal info).

by Dong Ngo