1 min read

Yahoo Closes Zero-Day YIM Hole

Bogdan BOTEZATU

December 07, 2011

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Yahoo Closes Zero-Day YIM Hole

Earlier today we got an update from Yahoo that the issue we reported in a previous blog post has been fixed. As of the moment, YIM users running version 11.x of the instant messaging client are not vulnerable to the status-change mechanism anymore.

If you are running a vulnerable version of the product (all releases in version 11, including the latest version of the kit), you should know that you don’t have to download and install anything, as the fix has been applied server-side.

Bitdefender discovered the flaw last Friday as part of a forensic investigation on a customer’s machine. We immediately notified the affected vendor and other antivirus companies about the new threat and provided proof of concept code as basis for issuing a fix.

tags


Author


Bogdan BOTEZATU

Bogdan is living his second childhood at Bitdefender as director of threat research.

View all posts

You might also like

Bookmarks


loader