Yahoo IM zero day patched

Powered by SC Magazine

Status messages hijacked.

Yahoo has closed off a zero day hole in its popular instant messenger program.

The hole allowed attackers to insert dubious links into status messages by simulating a file transfer.

BitDefender researcher Bogdan Botezatu found the hole, which was caused by an $InlineAction parameter that controls the accept-transfer feature. The parameter could be manipulated to load an iFrame.

The attacker did not have to be in the victim's contact list to send the iFrame.

Yahoo had deployed a server-side fix for the latest version, 11.x, of its chat client.

Bitdefender said it found the flaw while investigating a customer’s machine.

Copyright © SC Magazine, Australia
