According to security researcher Phuong Nguyen, of security firm Vice Consulting, the flaws allow unauthorised execution of programs on an instant messenger user’s machine via buffer overflows or injections of Java or Visual Basic script in the instant messenger content tabs.
‘The net impact is to allow a relatively simple opportunity to hijack users’ YIM client outright, and use it to attack or intrude into YIM users’ supposedly private information systems,’ said Nguyen.
Nguyen explained that potential attackers could use the exploits to request a YIM user’s ID and password and send it to an email address or internet URL, with minimum user intervention required.
Malicious code could readily be hidden in HTML pages or emails with text or images enticing YIM users to click on them.
Yahoo has responded quickly to the threat and has made a patched version of the software available for download on its website.
However, the repaired version will remove some functionality from the software until Yahoo can rewrite it with sufficient security.
The patched version can be downloaded here.
Barclays has partnered with accounting software company Xero to provide businesses with access to transaction data through its direct feed.
Government's estimate of a £400m admin saving from Making Tax Digital is way off - and is instead a huge cost burden, warns Lamont Pridmore chief executive Graham Lamont
Xero unveiled its expanded global partner programme at Xerocon South, the accounting technology conference in Australasia
Accountancy software firm Sage has been hit by a data breach which may have compromised the personal details and bank account details of as many as 300 UK businesses