/>
X
Tech
Home Tech Security

Yahoo releases critical security patch for IM

Patch for Messenger addresses zero-day exploits that take advantage of vulnerabilities in its Webcam ActiveX controls.
Written by Dawn Kawamoto, Contributor
Yahoo has issued a critical security patch for Messenger to address zero-day exploits that take advantage of vulnerabilities in its Webcam ActiveX controls.

The exploits to instant messaging surfaced Wednesday, less than 24 hours after the vulnerabilities were first reported to Yahoo by eEye Digital Security.

Messenger users' computers could be at risk if they visit malicious Web sites or view other malicious HTML code. The attackers could then exploit security flaws in the Yahoo Webcam ActiveX control, a software package that is downloaded with Messenger.

eEye Digital Security discovered the flaw and reported it to Yahoo earlier this week. eEye gave the problem its highest risk rating; fellow security company Secunia did the same, labeling it "extremely critical." Yahoo issued the patch in an update on Thursday.

Yahoo's advisory on the problem states that anyone using a version of Messenger obtained before Friday should download the update.

In December, Yahoo issued a "highly critical" update to address another ActiveX security flaw in Messenger. The vulnerability was found in the ActiveX control for Yahoo's services suite, which could be exploited to launch a buffer overflow attack.

Editorial standards
Show Comments

Related

GOTRAX 4 electric scooter

My search for the best cheap Android tablet is over

A from-behind view of a man and woman on a couch, watching a movie on an LG OLED TV

OLED breakthrough could mean cheaper TVs

Google Gemini website on laptop reads, welcome to the Gemini era

What is Gemini? Everything you should know about Google's new AI model