Yahoo releases Messenger security update

Update addresses flaw exploited last week, wherein opening a Webcam invitation could allow a remote attacker to execute malicious code on a compromised machine.

On Tuesday, Yahoo released an updated version of Yahoo Messenger, designed to patch a vulnerability in the Webcam feature first exploited last week.

The China-based exploit causes a heap overflow to be triggered when the target accepts a Webcam invitation. After opening an invitation, a remote attacker could execute malicious code on a compromised machine.

Users who downloaded or had installed Yahoo Messenger prior to August 21 should update to the latest version, Yahoo Messenger version

About the author

    As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.


    Join the discussion

    Conversation powered by Livefyre

    Show Comments Hide Comments