/>
X

Trillian critical security update released

"Highly critical" flaw patched in Cerulean Studios' multi-protocol chat software, which supports several popular IM services.
zd-defaultauthor-dawn-kawamoto.jpg
Written by Dawn Kawamoto on
Cerulean Studios on Monday released a "highly critical" security update for its Trillian multi-protocol chat software.

Attackers could exploit vulnerabilities in the character encoding for Trillian 3.1.5.1--specifically, the word-wrapping handling of UTF-8, the Unicode Transformation Format used for encoding characters in e-mail, instant messages and Web pages, iDefense Labs warned in its security advisory. The vulnerabilities potentially could affect earlier versions of the Trillian software as well, iDefense said.

Trillian, which supports Yahoo's Instant Messenger, AOL's AIM, MSN Messenger, and Internet-relay chat and ICQ ("I seek you") instant-messaging protocols, could be exploited if users view a malicious message containing an unusually long UTF-8 string. Attackers could then potentially launch a buffer overflow and remotely gain control of a user's system, according to Secunia, which rates the security flaws as "highly critical."

Cerulean Studios has released an update, version 3.1.6.0, to Trillian. iDefense noted that while it identified the MSN protocol as a potential attack vector for the vulnerabilities, other supported protocols may be vulnerable.

Related

Why you should really stop charging your phone overnight
iphone-charging.jpg

Why you should really stop charging your phone overnight

iPhone
Samsung phone deal: Get the Galaxy S22 Ultra for $299
1296x729-29

Samsung phone deal: Get the Galaxy S22 Ultra for $299

Smartphones
The best iPhone deals available right now: July 2022
iphone 12 vs iphone 11 cnet.jpg

The best iPhone deals available right now: July 2022

iPhone