TechnologyAccounting SoftwareYahoo bug puts 60 million users at risk

Yahoo bug puts 60 million users at risk

The latest version of the popular Yahoo Instant Messenger software has been hit by multiple vulnerabilities which may allow an attacker to hijack another user's machine - putting 60 million users at risk.

According to security researcher Phuong Nguyen, of security firm Vice Consulting, the flaws allow unauthorised execution of programs on an instant messenger user’s machine via buffer overflows or injections of Java or Visual Basic script in the instant messenger content tabs.

‘The net impact is to allow a relatively simple opportunity to hijack users’ YIM client outright, and use it to attack or intrude into YIM users’ supposedly private information systems,’ said Nguyen.

Nguyen explained that potential attackers could use the exploits to request a YIM user’s ID and password and send it to an email address or internet URL, with minimum user intervention required.

Malicious code could readily be hidden in HTML pages or emails with text or images enticing YIM users to click on them.

Yahoo has responded quickly to the threat and has made a patched version of the software available for download on its website.

However, the repaired version will remove some functionality from the software until Yahoo can rewrite it with sufficient security.

The patched version can be downloaded here.

Related Articles

5 key tech innovations helping accountants transform their businesses

Accounting Software 5 key tech innovations helping accountants transform their businesses

3w Heather Darnell, Founder of Ask the BOSS
Finance and the tech foundation: what’s needed to deliver impactful business insights?

Accounting Software Finance and the tech foundation: what’s needed to deliver impactful business insights?

3m Workday | Sponsored
Best accounting software for businesses in the UK

Accounting Software Best accounting software for businesses in the UK

3m Accountancy Age, Reporters
Making sense of enterprise tech concepts for finance teams

Accounting Software Making sense of enterprise tech concepts for finance teams

4m Workday | Sponsored
Open Banking: what you need to know

Accounting Software Open Banking: what you need to know

4m Edward Berks, Xero
Accountancy in the digital age: Flexibility, agility, efficiency

Accounting Software Accountancy in the digital age: Flexibility, agility, efficiency

6m Pegasus Software | Sponsored
Sage purchases Intacct in its largest ever acquisition

Accounting Software Sage purchases Intacct in its largest ever acquisition

10m Alia Shoaib, Reporter
5 tips for SMEs to protect cash flow

Accounting Software 5 tips for SMEs to protect cash flow

10m Alia Shoaib, Reporter