
AOL security risk blocked

Instant message hole patched

A security hole in ISP America Online's instant messenger service, AIM, which may have let hackers gain access to thousands of subscribers' machines, has now been resolved.

"Users should not be concerned. There was a hole, which we have now fixed in our server," said AOL spokesman Andrew Weinstein. "There is no need to download any patches."

The hole, discovered by US security firm w00w00, threatened to leave thousands of AOL's subscribers running the Windows version of AIM (all versions up to and including 4.7) open to attack.

"The implications of this vulnerability are huge and leave the door wide open for a worm," said w00w00, which notified AOL of the hole over the Christmas period.

The flaw lay in the applications that allow users to add people to their buddy lists and play online games.

The so-called 'buffer overflow' problem was similar to that found in Windows XP's plug and play facility earlier this week, allowing hackers to take complete control of the victim's computer.

"There are two primary risks [from the hole]," said Matt Conover, founder of w00w00. "One is that someone will specifically target you for attack. The second would be a worm that will attack you, read your buddy list, and then attack them. This would allow an attacker to gain entry to your machine and do anything."

AOL said it did not know at this stage how any subscribers had been affected, but assured users that the problem had been resolved.

The giant ISP hit out at w00w00, saying its publication of the hole left users open to a higher risk of attack.

But Conover said w00w00 released the information in case AOL didn't and users needed to know. He said AOL had not readily made available numbers for its instant messenger development team or security personnel.

"If we had received a response [to our email] then we would have allowed them the time they needed," he added.

