The company said the security issue was related to a buffer overflow, a common security vulnerability in computer programs written in C and C++ that allows more information to be added to a chunk of memory than it was designed to hold.
Typical problems involved in an instant-messaging-related buffer overflow might include an involuntary log-out of a session, a crash of browsing software applications, and a possible introduction of executable code. The last of the potential problems would likely cause the most damage, as the code might allow a malicious programmer to take control of a user's machine, delete files and otherwise wreak havoc with a victim's computer system.
According to Yahoo, only a small percentage of the company's
Yahoo, which issued the new IM software Thursday, reported that it first learned of the vulnerability via a warning posted to a security message board Tuesday night. The company said it immediately began working to validate the flaw and address the issue. Yahoo recommends updating its IM software on a regular basis to ensure customers are protected against similar flaws.
A nearlywas addressed in an earlier security patch distributed by Yahoo earlier this year.