AOL flaw quietly fixed

America Online has quietly fixed a serious security vulnerability in its software.

The flaw lies in versions 8.0, 8.0 Plus and 9.0 Classic of AOL's client software, the U.S. Computer Emergency Readiness Team said in an alert Monday. The vulnerable software was also distributed via AOL's You've Got Pictures Web site prior to 2004, US-CERT said.

The security hole could allow a remote attacker to commandeer a vulnerable PC, according to US-CERT. However, AOL actually fixed the flaw and distributed an update to its 20 million users in October last year, company spokesman Andrew Weinstein said Tuesday.

"We believe that the overwhelming majority of our members are not affected by this," Weinstein said.

AOL learned of the issue last August and pushed a fix to users who logged on to the service over a four-week period in October, Weinstein said. The update was silent and fast. "This is really not an issue of any scope at all and most members should not worry about it," he said.

Users of AOL 9.0 Optimized or AOL 9.0 Security Edition, and users of the earlier editions who signed on in October last year, are protected, Weinstein said. Users who did not log on in that period can download a fix from the AOL Web site.

Question: What do you think of AOL quietly installing security updates on PCs of its users? What would happen if Microsoft installed updates for Windows on users' PCs without any notice at all?
