AOL Working On Patch For Instant Messenger Vulnerability

Latest News | News Archive |

Posted by: Tweaker
Date added: 08:52, 28th September 2007 GMT
Source: Information Week

America Online is working on a critical patch for the company's highly popular AIM application. Researchers at Core Security Technologies Wednesday disclosed a bug that could enable a remote hacker to execute malicious code, exploit Internet Explorer bugs, and inject scripting code in the IE browser. The researchers noted that all of the vulnerable AIM clients include support for enhanced message types that enable AIM users to take advantage of HTML to customize text messages with different fonts and colors. "We have addressed the issues that Core Security has brought to us on the server side. We are comfortable with the server side fixes we have in place, but we are also working on a client fix," said an AOL spokeswoman.

According to Core Security, the vulnerability affects AIM V6.1, as well as the V6.2 beta, which is the latest version of AOL's instant messaging application. It also affects AIM Pro, the instant messaging version for corporate users, and AIM Lite, a simplified version of the client application. "This vulnerability poses a significant security risk to millions of AIM users. Core Security has alerted AOL to this threat and has provided full technical details about the vulnerability so that they can address it in their products," said Ivan Arce, CTO at Core Security.

  Tools: Post a comment | Link to this news item | Send to a friend | Submit News

Error: You are not logged in.

In order to leave comments to news articles you must be a Cyber Tech Help Member.

Registration is completely free!    Register to become a member

Along with access to leave comments to news articles you will be able to ask any computing questions you might have on the Cyber Tech Help Forums.

[  To top | Latest News | News Archive | ]