We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
78,713 News Articles

Fix available for Yahoo Messenger video exploit

Yahoo updates free instant messaging tool

Yahoo Messenger has been updated to fix a bug that hackers could exploit by sending video chat invitations to unwary users.

The vulnerability, which surfaced last week in a posting to a Chinese security forum, could be exploited by duping a user into accepting a malicious webcam invitation, McAfee said on August 15.

In its advisory, Yahoo said that it had actually patched two bugs, the heap overflow disclosed last week and a previously unknown denial-of-service (DoS) issue that also involves Messenger's video chat feature. Speaking of the latter, Yahoo's alert said: "For this specific security issue, Messenger exits unexpectedly after accepting a webcam invitation from a malicious attacker."

Unlike the buffer overflow flaw, the DoS vulnerability would not give an attacker the chance to sneak his own malicious code onto the PC.

Messenger 8.1.0.416 is the summer's second patched-up IM client for Yahoo. In June, eEye Digital Security fingered Messenger for two other critical flaws in the webcam feature. Then, Yahoo patched the bugs considerably faster: It released a fix just a day after the flaws went public. According to McAfee researcher Wei Wang, August's video vulnerability wasn't connected to the older June bugs.

Messenger users can download the patched version immediately, or wait for the software's auto-update to kick in. Yahoo acknowledged that it may take weeks for the update to be fully deployed. "Over the next several weeks, users worldwide will be prompted to update to a new version of Messenger upon signing into the service," Yahoo's advisory read.


IDG UK Sites

LG G Watch review: Android Wear smartwatch is the best around, so far

IDG UK Sites

How to join Apple's OS X Beta Seed Program: Get OS X Yosemite on your Mac before public release

IDG UK Sites

Why the BBC iPlayer outage was caused by a DDoS attack: Topsy and Tim isn't *that* popular

IDG UK Sites

See Glasgow 2014 in UHD as history is made