- Networking
- Security
- Telco/ISP
- Storage
- Hardware
- Software
- Oddware
- iTnews Benchmark Awards
- SC Benchmark Awards

Sign in Join

Galleries | Research | Blogs | CXO Challenge | Topics | Resources | Events | Newsletter

Home / News / Technology / Security

Yahoo IM zero day patched

By Darren Pauli on Dec 9, 2011 4:40 AM
Filed under Security

Tweet

Status messages hijacked.

Yahoo has closed off a zero day hole in its popular instant messenger program.

The hole allowed attackers to insert dubious links into status messages by simulating a file transfer.

BitDefender researcher Bogdan Botezatu found the hole that was caused by an $InlineAction parameter, which controls the accept transfer feature. The parameter could be manipulated to load an iFrame.

The attacker did not have to be in the victim's contact list to send the iFrame.

Yahoo had deployed a server-side fix for the latest version 11.x of its chat client

Bitdefender said it found the flaw while investigating a customer’s machine.

Copyright © SC Magazine, Australia

Yahoo IM zero day patched

Tags

yahoo, im, vulnerabilities

Related Articles

Adobe tackles Flash zero-days with mega patch

Hackers target third new zero-day for Adobe Flash

Google pays up front for bug hunting

Adobe issues second emergency patch for exploited zero-day

Breaking Stories

Why companies aren't investing in cyber security

Equinix's Melbourne data centre to open in weeks

CrimTrac names new boss as Smith exits

Virgin Atlantic engineers to test Sony smart glasses, watches

Alibaba muscles in on Amazon's turf with new US data centre

Send us your tips

Readers of this article also read...

Data Breach Notification Roundtable eBook
A new theory of digital identity
Singapore University hacked
ANZ E*Trade DoSSed
Amazon Web Services uses Check Point gateways
Mother of Stuxnet and Duqu bore five siblings
Anonymous to attack Sony, Bieber over SOPA support
ASP.NET hole workaround published
Subway hack wasn't fresh
Analysis: HTML5 security holes detailed

You must be a registered member of iTnews to post a comment.

Click here to login | Click here to register

Top Stories

Myer CIO named retailer's new chief executive

Myer CIO named retailer's new chief executive

Richard Umbers to lead data-driven retail strategy.

Empty terminals and mountains of data

Empty terminals and mountains of data

Qantas CIO Luc Hennekens says no-one is safe from digital disruption.

BoQ takes $10m hit on Salesforce CRM

BoQ takes $10m hit on Salesforce CRM

Regulatory hurdles end cloud pilot.

Sign up to receive iTnews email bulletins

FOLLOW US...

Powered by Disqus

Latest Comments

Powered by Disqus

Polls

Who do you trust most to protect your private data?

Your bank
Your insurance company
A technology company (Google, Facebook et al)
Your telco, ISP or utility
A retailer (Coles, Woolworths et al)
A Federal Government agency (ATO, Centrelink etc)
An Australian law enforcement agency (AFP, ASIO et al)
A State Government agency (Health dept, etc)

| View results

Your bank

35%

Your insurance company

5%

A technology company (Google, Facebook et al)

9%

Your telco, ISP or utility

8%

A retailer (Coles, Woolworths et al)

4%

A Federal Government agency (ATO, Centrelink etc)

18%

An Australian law enforcement agency (AFP, ASIO et al)

15%

A State Government agency (Health dept, etc)

7%

TOTAL VOTES: 4109

Vote

Do you support the abolition of the Office of the Information Commissioner?

I support shutting down the OAIC.
I DON'T support shutting the OAIC.

| View results

I support shutting down the OAIC.

27%

I DON'T support shutting the OAIC.

73%

TOTAL VOTES: 1401

Vote

view previous polls »

Whitepapers from our sponsors

Understanding the economics of IT risk and reputation

Five essentials for better work force continuity

Building the business case for continuity and resiliency

Most popular tech stories

BIT

7 accounting packages for Australian small businesses compared: including MYOB, QuickBooks Online, Reckon, Xero

Do you use Dropbox? Here are some clever tricks

Do you know these 12 eBay tips?

How much does it cost to use the NBN? 14 providers compared including iiNet, Telstra, Internode

Is it time to setup my own personal cloud instead of using Dropbox?

CRN

Who attended the Females in IT Women's Day lunch in Melbourne?

Tech on the ASX: winners and losers in first-half

Who was spotted at Thomas Duryea's public cloud launch?

The top data centre vendors you should know

Australian school among world's first IBM-Apple deployments

PC & Tech Authority

How to: How much RAM do you really need?

Top 25 fantasy games of all time

How to: Become invisible to Google

Top 15 obscure video game consoles for collectors

Hands-on Preview: Project CARS

PC PowerPlay

Review: Intel i7-4970K

Yes, Homeworld Remastered Collection will support mods!

Battlefield 4 edges closer to Bad Company 2 destructibility

Hands-on Preview: Sid Meier's Starships

Evolve’s biggest strength is its greatest weakness

Feedback | Contact Us | Advertise | About Us | Newsletter Archive | Syndication | Site Map | RSS

BIT | CRN Australia | PC & Tech Authority | PC PowerPlay

Copyright © 2015 nextmedia Pty Ltd. All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.

Login to iTnews

Username:

* Username required

Password:

* Password required

Remember me | Forgot your password?

Don't have an account? Register now!

To request a new password, please enter the email address linked to your iTnews account and we'll send one to you.

Email:

* Email required

* Invalid Email address

* Invalid Email address

Click here to return to Login Form

Become part of the iTnews community

Take part in discussions with comments on blogs, news and reviews; receive all the latest industry news directly to your inbox and tailor make your information specifically to your interests. Join now for free.

1) Login Details

Username*

* Username required

Email*

* Email address required

* Invalid Email address

Password*

* Password required

Confirm Password*

* Password confirmation required

* Passwords don't match!

2) About You

First Name*

* First name required

Last Name*

* Last name required

Country*

* Country req'd

State*

* State req'd

Post Code*

* Post Code req'd

Job Function*

* Job function required

Company name*

* Company required

Company size*

* Company required

Industry*

* Industry required

3) Bulletins Receive the latest news and reviews directly to your inbox. Tailor your information by selecting your areas of interests below:

Daily Newswire

Daily bulletin
Delivered daily, iTnewswire delivers the most important IT news from Australia and around the world.

Special offers for IT professionals

iTnews will keep you up to date with special offers, promotions, competitions and new products.

At no time will your email be provided to any other company.

SC Magazine's weekly InfoSec edition

Delivered weekly.

Special offers for Information Security Professionals

iTnews will keep you up to date with special offers, promotions, competitions and new products for Information Security Professionals.

At no time will your email be provided to any other company.

I have read and accept the Privacy Policy and Conditions of Use of registration*

* You must agree to the Terms & Conditions to register an account

Already have an account? Log in here.

Processing registration... Please wait.

This process can take up to a minute to complete.

Please check your email

A confirmation email has been sent to your email address - SUPPLIED GOES EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.

If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @itnews.com.au to your white-listed senders.