Yahoo patches IM security hole
Published: 16 Aug 2004 10:30 BST
Yahoo issued a security patch to fix a potential vulnerability in its latest instant messaging software, the company said on Friday.
The patch, first posted to the Web late last Thursday, repairs a security hole stemming from Yahoo Messenger's use of the portable network graphics -- or PNG -- format, an open-source code the program uses to display certain images, such as buddy list avatars.
The most critical issue, a memory problem known as a buffer overflow, could allow specially created PNG graphics to execute malicious programs when a vulnerable application loads an image.
Yahoo posted a security update on its Yahoo Messenger site.
"This affects users on the all new Yahoo Messenger," said Yahoo spokeswoman Terrell Karlsten. She added that the patch will not change any functionality on the service.
The site pointed specifically to a warning issued last week by the United States Computer Emergency Readiness Team's Web site about the PNG vulnerability.
The security problems are in a library that lets applications such as browsers and instant messaging software handle PNG. The library is widely used by programs such as the Mozilla and Opera browsers and various email clients, but has also found its way into Microsoft's Internet Explorer, Apple's Mail software for the Mac OS X and Yahoo Messenger for Windows. Most of these applications have been patched.
Did you find this article useful?
85 out of 152 people found this useful
- Share this article:
