A Zero-Day Vulnerability Emerges in Yahoo IM

McAfee Avert Labs has warned of a zero-day flaw in Yahoo Messenger, marking the second time in August 2007 that security researchers have discovered a serious security hole in the instant messaging client.

In a blog entry, McAfee researchers confirmed a statement posted on a Chinese-language security forum that a serious flaw exists in the latest version of the Yahoo chat client. The Register reported this on August 16, 2007. By means of a heap overflow, a cyber criminal could compromise a system by tricking an unsuspecting person into accepting a webcam invitation.

It seems that when the intended victim accepts a webcam invitation, a classic heap overflow is triggered, wrote security researcher Wei Wang of McAfee in the company's security blog. McAfee reported this on August 15, 2007. This vulnerability is notably different from the one that exploited the ActiveX controls of Yahoo webcam, which was recently patched in June.

The vulnerability is reminiscent of the nasty bug that Yahoo fixed in June 2007, which allowed an attacker to remotely execute code on systems using the IM client. That security gap was present in the program's ActiveX control.

In recent years there has been a dramatic shift from server-side to client-side attacks, according to Michael Sutton, a security expert at SPI Dynamics. SCI-TECH TODAY.com published this on August 16, 2007. Attackers have discovered that client-side attacks greatly help in identity theft and phishing operations, Sutton explained.

The latest vulnerability in Yahoo IM is a pure example of a client-side flaw, Sutton said. Fortunately, there have been no instances of widespread attack through this medium, and no exploit code has emerged. It is hoped that Yahoo will quickly patch all the IM clients to lessen this threat.

A Yahoo representative has confirmed the security gap and said that the company's software developers were working on a fix.

McAfee advises users of Yahoo Messenger to avoid accepting invitations for Web chat from unknown people, whether or not there is a webcam installed on their system.

» SPAMfighter News - 9/5/2007
