 |
 Security flaw fixed in Yahoo Mail
December 11, 2003
According to Finjan Software, Yahoo's mail service has fixed a security flaw that could have enabled an attacker to send an e-mail containing malicious script and that code would run automatically once the victim opened the message.
If successful, an attacker could delete, modify or steal any sensitive or personal information such as usernames, passwords, credit card numbers and any other data, gaining full control of a user's machine.
"The potential was huge, you could infect millions of Yahoo users within an hour," said Shlomo Touboul, Finjan's chief executive officer, adding that the script code can be written in various programming languages, including Java, Java Script and Visual Basic Script, so almost every type of operating system and browser could be infected.
Yahoo has now taken steps to block most of the scripts in its e-mail service, claims Mary Osako, Yahoo spokeswoman. "Yahoo was informed of an issue in Yahoo Mail on 11 November and quickly implemented a server-side fix which did not require users to take any action. We are unaware of any users who were affected by the issue which no longer affects Yahoo Mail," she said in a statement.
However, there're still security problems to deal with at Yahoo - last week researchers warned of a buffer overrun flaw in Yahoo's instant messaging product that could allow attackers to run their own code on computers running the software.
|
|
