
Yahoo patches IM security hole

Jim Hu CNET News

Published: 16 Aug 2004 10:30 BST


Yahoo issued a security patch to fix a potential vulnerability in its latest instant messaging software, the company said on Friday.

The patch, first posted to the Web late last Thursday, repairs a security hole stemming from Yahoo Messenger's handling of the Portable Network Graphics (PNG) format, for which the program uses open-source code to display certain images, such as buddy list avatars.

The most critical issue, a memory problem known as a buffer overflow, could allow specially created PNG graphics to execute malicious programs when a vulnerable application loads an image.

Yahoo posted a security update on its Yahoo Messenger site.

"This affects users on the all new Yahoo Messenger," said Yahoo spokeswoman Terrell Karlsten. She added that the patch will not change any functionality on the service.

The site pointed specifically to a warning about the PNG vulnerability posted last week on the United States Computer Emergency Readiness Team's Web site.

The security problems are in a library that lets applications such as browsers and instant messaging software handle PNG images. The library is widely used by programs such as the Mozilla and Opera browsers and various email clients, but has also found its way into Microsoft's Internet Explorer, Apple's Mail software for Mac OS X and Yahoo Messenger for Windows. Most of these applications have been patched.
