The company confirmed the bug Friday but said it knew about the bug Thursday, according to senior security product manager David Andrews. A new version of Communicator will be available in two weeks to coincide with a scheduled software upgrade. Users will have to download the entire suite to patch the security flaw.
One Internet software analyst said he isn't surprised by the number of bugs found in Communicator so far. "Given the development speeds of software, you're basically getting beta software from most companies," said Ira Machefsky of Giga Information Group.
Machefsky, however, said this type of security flaw could threaten e-commerce protocols such as SET (Secure Electronic Transactions). "If it can read any form data, it's even a potential threat to SET. [SET] might not be susceptible to this particular bug, but the protocol assumes that data on your system is safe" [before it's transmitted].