Yahoo issues emergency patch on messaging software
Last Updated: Monday, June 11, 2007 | 3:30 PM ET
CBC News
Related
External Links
(Note: CBC does not endorse and is not responsible for the content of external sites - links will open in new window)
Yahoo Inc. has rushed out an updated version of its popular instant messaging software after learning that a flaw in the software could let an attacker hijack a user's computer.
Versions of Yahoo Messenger for computers that run on Microsoft Corp.'s Windows operating system and that were downloaded before June 8 are vulnerable to the flaw, discovered by eEye Digital Security of Aliso Viejo, Calif., about 80 kilometres south of Los Angeles.
Yahoo released its patch on Friday.
The vulnerability involves components of the software, which is used to stream data to other people from a user's webcam, according to eEye.
The files are used when transmitting video and audio from a webcam to or from
Yahoo Messenger users, but can be activated by any website, eEye said.
An attacker could log users out of their chat sessions, crash programs or even take control of the victim's computer by tricking them into visiting a specially crafted web page.
"What you'd be able to do is anything you want with the same level of access as the user" being attacked, Marc Maiffret, eEye's chief technology officer, told CBC News Online.
"This is similar to flaws we've seen targeting the actual desktop," Maiffret said. "Antivirus software won't work because there are no malicious files associated with it.
"It happens pretty instantaneously — within a few seconds," Maiffret said of the attack, noting that most people wouldn't even realize that their computer has been attacked. "The most you would observe would be our Yahoo Messenger might crash. … That wouldn't be enough to most people to indicate you've been compromised. Software crashes are pretty common."
Maiffret said that because most antivirus and security software is incapable of detecting this type of flaw, his company was offering a free version of its professional security software for home users, Blink Personal.
The tool can detect and prevent attacks of the type unpatched versions of Yahoo Messenger are vulnerable to, and collects anonymized data on attack attempts that eEye can analyze to develop countermeasures, Maiffret said.
In a notice posted on its website, Yahoo said that over the next few weeks it would be alerting users of Yahoo Messenger about the security update when they sign on to the chat service.
Share Tools
Top News Headlines
- Everest victim's husband says family not seeking government help
- The husband of a Toronto woman who died trying to climb Mt. Everest on Saturday says his family is not seeking government help to cover the cost of bringing his wife's body home. more »
- B.C. premier unhappy with disgraced Mountie's transfer
- B.C. Premier Christy Clark says she is not happy with the RCMP decision to transfer a disgraced Alberta Mountie to the West Coast. more »
- Henrique's OT goal sends Devils into Stanley Cup final
- The New Jersey Devils will vie for a potential fourth Stanley Cup in franchise history after defeating the New York Rangers in six games in the Eastern final, courtesy of rookie Adam Henrique's goal early in overtime. more »
- Employment Insurance review boards to be scrapped
- The federal government is scrapping two review boards used by people appealing decisions made about their employment insurance. more »
Latest Technology & Science News Headlines
- Unloading of docked SpaceX capsule to start Saturday
- The privately bankrolled SpaceX Dragon capsule made a historic arrival at the International Space Station on Friday, and astronauts will begin unloading some of the 544 kilograms of food, water, clothing and other supplies its carrying starting Saturday. more »
- South Africa, Australia to share world's largest telescope
- South Africa and Australia will jointly host the Square Kilometre Array, which promises to be the world's largest telescope, the international consortium in charge of the project said Friday. more »
- Bonavista, N.L., 'coyote' was really wolf, tests confirm
- Wolves have not been seen in Newfoundland since around 1930 and were believed to have been hunted to extinction on the island, but genetic tests have confirmed that an 82-pound animal shot on the Bonavista Peninsula in March was, in fact, a wolf. more »
- Once-rare argus butterfly thriving thanks to climate change
- Global warming is threatening the existence of many species, such as the giant polar bear, but in the case of Britain's brown argus butterfly, it took a species in trouble and made it thrive. more »
- Yahoo scraps digital magazine designed for iPad
- Yahoo has killed Livestand, a tablet magazine, just six months after its debut on the iPad. more »
Bob McDonald's Blog
Government to shut down unique fresh water research area May. 25, 2012 12:31 PM The Experimental Lakes Area research facility in Northern Ontario is being closed down after 44 years of providing invaluable data to scientists in Canada and internationally, a decision that has stunned researchers and environmental groups.
Quirks & Quarks
- May 26: Before the Lights Go Out May. 25, 2012 4:15 PM A new book, "Before the Lights Go Out: Conquering the Energy Crisis Before It Conquers Us", suggests that the unpredictable, unplanned, ad-hoc way our energy use developed in the past will shape our energy future.
Latest Features
- Aylmer triple stabbing leads to first-degree murder charges
- Everest victim's husband says family not seeking government help
- B.C. premier unhappy with disgraced Mountie's transfer
- Third B.C. salmon farm quarantined
- What a Greek euro exit could mean for Canada
- RCMP officer charged in fatal crash
- Canada ending 'Buffalo shuffle' for visas, closing consulate
- Reclaiming the dead on Mt. Everest
- Employment Insurance review boards to be scrapped
