Latest News

NEXTDC to build AI campus and GPU "supercluster" in Sydney

WA makes its chief data officer permanent

Samsung tried to fix triple zero problem with mobiles nearly five years ago

Cochlear plugs AI into its global contact centre operations

Seqwater seeking asset planning tool to overcome "functional limitations"

Yahoo IM zero day patched

By Darren Pauli

Dec 9 2011 4:40AM

Status messages hijacked.

Yahoo has closed off a zero day hole in its popular instant messenger program.

Yahoo IM zero day patched

The hole allowed attackers to insert dubious links into status messages by simulating a file transfer.

BitDefender researcher Bogdan Botezatu found the hole that was caused by an $InlineAction parameter, which controls the accept transfer feature. The parameter could be manipulated to load an iFrame.

The attacker did not have to be in the victim's contact list to send the iFrame.

Yahoo had deployed a server-side fix for the latest version 11.x of its chat client

Bitdefender said it found the flaw while investigating a customer’s machine.

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

Tags:

im security vulnerabilities yahoo

Partner Content

Transforming Australian Insurance Operations, Customer Service and Fraud Detection with AI and ML

Partner Content Transforming Australian Insurance Operations, Customer Service and Fraud Detection with AI and ML

Machine identity a key priority for organisations’ security strategies: CyberArk

Partner Content Machine identity a key priority for organisations’ security strategies: CyberArk

How small audio upgrades can enhance your hybrid work and improve business ROI

Partner Content How small audio upgrades can enhance your hybrid work and improve business ROI

ElasticON Sydney 2025: Deriving value from your data with Search AI

Partner Content ElasticON Sydney 2025: Deriving value from your data with Search AI

Sponsored Whitepapers

Protect the data your business relies on

Protect the data your business relies on

The cloud tipping point

The cloud tipping point

How AI will deliver real business value

How AI will deliver real business value

The multicloud imperative

The multicloud imperative

Your multicloud advantage

Your multicloud advantage

Events

iTnews Executive Retreat - Security Leaders Edition

Most Read Articles

WA man jailed for at least five years for evil twin attack

WA man jailed for at least five years for evil twin attack

Home Affairs to unleash AI on sensitive government data

Home Affairs to unleash AI on sensitive government data

Watt flags more fed insourcing after BoM website outrage

Watt flags more fed insourcing after BoM website outrage

ASX outage caused by security software upgrade

ASX outage caused by security software upgrade

Sydney-based AI-cloud waste startup raises $3m

Sydney-based AI-cloud waste startup raises $3m

Brennan uses NiCE to modernise its contact centre

Brennan uses NiCE to modernise its contact centre

Impact Awards: Tecala slashes customer response times for fintech IQumulate

Impact Awards: Tecala slashes customer response times for fintech IQumulate

Interactive introduces private cloud platform

Interactive introduces private cloud platform

Digital61 expands cybersecurity portfolio

Digital61 expands cybersecurity portfolio

Most popular tech stories