CNET también está disponible en español.

Ir a español

Don't show this again


Yahoo Messenger releases security update

Aimed at flaws in software that downloads with Messenger, update is called "highly critical" by one security company.

Yahoo has issued what one security company labels a "highly critical" update for the popular instant messaging feature.

The update is designed to combat software flaws that could allow an attacker to take over a person's computer.

The flaws affect versions of Yahoo Messenger 5.0 through 8.0, according to a security advisory released Friday by Secunia. Windows users who are running versions of Yahoo Messenger released before November 2 are advised to update to Yahoo Messenger 8.1.

CNET's Elsa Wenzel takes a look at how to update the feature while avoiding unwanted changes to your Internet browser.

A security flaw was found in the ActiveX control component of Yahoo's services suite that typically downloads with the Yahoo Messenger installer. The vulnerability could allow a buffer overflow to occur in the ActiveX control. A buffer overflow occurs when a computer tries to store too much data in a temporary storage area, resulting in a system crash or in giving an attacker "back door" access to the system.

As a result of the ActiveX vulnerability, people could involuntarily be logged out of a Messenger session, have an application such as Internet Explorer crash, or have malicious code launched on their PC if they're lured to a malicious Web site, according to a security advisory released by Yahoo.

In the past, Yahoo Messenger users have been the target of phishing attacks. Attackers would send a message to someone that appeared to come a person on their friends list, and then attempt to lure the IM user to a bogus Yahoo site. The site would then prompt the person to enter their Yahoo ID and password.