Latest News

Suncorp looks to AI and core overhaul to address insurance affordability

Superloop to buy rival Lynham for $165 million

Coalition names shadow comms, digital and cyber ministers

Macquarie brings agentic SRE to its digital bank

Russian official acknowledges Starlink systems down for two weeks

Yahoo IM zero day patched

By Darren Pauli

Dec 9 2011 4:40AM

Status messages hijacked.

Yahoo has closed off a zero day hole in its popular instant messenger program.

Yahoo IM zero day patched

The hole allowed attackers to insert dubious links into status messages by simulating a file transfer.

BitDefender researcher Bogdan Botezatu found the hole that was caused by an $InlineAction parameter, which controls the accept transfer feature. The parameter could be manipulated to load an iFrame.

The attacker did not have to be in the victim's contact list to send the iFrame.

Yahoo had deployed a server-side fix for the latest version 11.x of its chat client

Bitdefender said it found the flaw while investigating a customer’s machine.

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

Tags:

im security vulnerabilities yahoo

Partner Content

Identity at the Centre: Why AI Is Accelerating a New Security Imperative

Partner Content Identity at the Centre: Why AI Is Accelerating a New Security Imperative

Overcoming the “last mile” problem in AI adoption with Lucid Software

Promoted Content Overcoming the “last mile” problem in AI adoption with Lucid Software

From hype to value: The AI trends set to shape 2026

Partner Content From hype to value: The AI trends set to shape 2026

From Faster Coding to Accelerated Innovation Cycles: How Intelligent Orchestration Unlocks AI's Promise

Promoted Content From Faster Coding to Accelerated Innovation Cycles: How Intelligent Orchestration Unlocks AI's Promise

Sponsored Whitepapers

Uncomplicate IT Service Delivery with AI Agents

Uncomplicate IT Service Delivery with AI Agents

Getting ahead of the tech: what’s next for Australian organisations in digital transformation

Getting ahead of the tech: what’s next for Australian organisations in digital transformation

Fintech compliance made fast and secure

Fintech compliance made fast and secure

How to evaluate SIEM solutions Safeguarding your future Get a demo Download guide

How to evaluate SIEM solutions Safeguarding your future Get a demo Download guide

2025 Security operations insights: Three-quarters of security leaders need something new in SIEM

2025 Security operations insights: Three-quarters of security leaders need something new in SIEM

Events

Most Read Articles

Researchers find critical vulnerabilities in cloud-based password managers

Researchers find critical vulnerabilities in cloud-based password managers

Service NSW launches Digital ID pilot

Service NSW launches Digital ID pilot

Services Australia describes fraud, debt-related machine learning use cases

Services Australia describes fraud, debt-related machine learning use cases

Victoria's whole-of-government CISO has left

Victoria's whole-of-government CISO has left

Sydney-based AI-cloud waste startup raises $3m

Sydney-based AI-cloud waste startup raises $3m

Brennan uses NiCE to modernise its contact centre

Brennan uses NiCE to modernise its contact centre

Impact Awards: Tecala slashes customer response times for fintech IQumulate

Impact Awards: Tecala slashes customer response times for fintech IQumulate

Interactive introduces private cloud platform

Interactive introduces private cloud platform

Digital61 expands cybersecurity portfolio

Digital61 expands cybersecurity portfolio

Most popular tech stories