Zero-day exploits attack Yahoo, AOL instant messengers

Code could put millions of IM users at risk to new attacks.

Zero-day exploit codes targeting Yahoo and AOL instant-messenger services could put frequent IM users at risk to new attacks.

A non-vendor disclosed vulnerability within Yahoo Messenger has been exploited by two different code releases Wednesday. This is the third security glitch for Yahoo Messenger in as many months. There is no workaround or patch available yet for these exploits.

A second non-vendor disclosed vulnerability in AOL Instant Messenger targets how users are notified of new IMs. Security vendor Secunia recommends that current AIM users disable that option until a patch is available.

ZDNet blogger Ryan Naraine has more information and links to the exploit codes.

About the author

    As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.

     

    Join the discussion

    Conversation powered by Livefyre

    Show Comments Hide Comments
    Latest Galleries from CNET
    The best and worst quotes of 2014 (pictures)
    A roomy range from LG (pictures)
    This plain GE range has all of the essentials (pictures)
    Sony's 'Interview' heard 'round the world (pictures)
    Google Lunar XPrize: Testing Astrobotic's rover on the rocks (pictures)
    CNET's 15 favorite How Tos of 2014