X
Business
Home Business Social Media

Yahoo Messenger patch ready, but it's not mandatory

I'm still working on that follow-up story on how Yahoo completely screwed up the flaw disclosure process (waiting to give Yahoo a chance to comment) and caused exploit code to be publicly released but, in the meantime, Yahoo Messenger users should know that a patch is now available and ready for download.Over the next several weeks, users worldwide will be prompted to update to a new version of Yahoo!
Written by Ryan Naraine, Contributor

I'm still working on that follow-up story on how Yahoo completely screwed up the flaw disclosure process (waiting to give Yahoo a chance to comment) and caused exploit code to be publicly released but, in the meantime, Yahoo Messenger users should know that a patch is now available and ready for download.

Over the next several weeks, users worldwide will be prompted to update to a new version of Yahoo! Messenger upon signing into the service. If you choose not to update and you have not updated via this page or at messenger.yahoo.com, the vulnerability will still exist.

Yahoo will keep prompting the user to apply the patch everytime a login attempted but it's important to note that this patch is not automatically distributed to end users.

Now that exploit code is available and an attack requires very minimal user action, I believe Yahoo should force a mandatory upgrade to ensure this patch is applied by everyone logging into the service. There is a precedent already established for mandatory IM client upgrades during a security threat.

Editorial standards
Show Comments

Related

Anker Solix X1

Not into the Tesla Powerwall? You can now buy the Anker Solix X1

GOTRAX 4 electric scooter

The Jackery Explorer 1000 is one of the best portable power stations you can buy, and it's on sale

AI coding concept

Can Meta AI code? I tested it against Llama, Gemini, and ChatGPT - it wasn't even close