Yahoo Messenger patch ready, but it's not mandatory

I'm still working on that follow-up story on how Yahoo completely screwed up the flaw disclosure process (waiting to give Yahoo a chance to comment) and caused exploit code to be publicly released but, in the meantime, Yahoo Messenger users should know that a patch is now available and ready for download.

Over the next several weeks, users worldwide will be prompted to update to a new version of Yahoo! Messenger upon signing into the service. If you choose not to update and you have not updated via this page or at messenger.yahoo.com, the vulnerability will still exist.

Yahoo will keep prompting the user to apply the patch every time a login is attempted, but it's important to note that this patch is not automatically distributed to end users.

Now that exploit code is available and an attack requires very minimal user action, I believe Yahoo should force a mandatory upgrade to ensure this patch is applied by everyone logging into the service. There is a precedent already established for mandatory IM client upgrades during a security threat.

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...
