Security firm warns of AIM vulnerability risk
Boston (MA) - Core Security Technologies says that a critical flaw in AOL’s instant messenger application has still not been fixed, despite the online company’s remarks to the contrary.
CST says the security hole could allow malicious users to remotely seize control of a fellow user’s computer. Even though AOL says this problem has been fixed, CST’s chief technology officer Ivan Arce claims the vulnerability could still be manipulated.
"I would say this is critical, this is very serious," he said. AOL spokesperson Eric Gifford, however, says users are "completely safe". The flaw reportedly affects versions 6.1 and 6.2, which are new versions of the software that are still in beta mode.
The security firm says the flaw can be manifested through the use of enriched media messaging, including stuff like emoticons. Some of these media files rely on Internet Explorer, without the necesary safeguards, contends the firm.
Core Security Technologies warned that the same kind of flaw could be found in other applications that have IE embedding, but said that Yahoo Messenger and MSN Messenger are not at risk.
- Game Review - Halo 3 delivers
- A sticker that can lock down notebooks
- Halo 3 gamers going ballistic over scratched game discs
- CD-ROM drives turned into portable lab kits
- Microsoft to buy $300 - $500 million stake in Facebook
- Amazon opens DRM-free music store
- Motorola to show WiMax chipset for handheld devices
- Mac Office 2008 prices and packages announced
- Facebook targeted over child safety
- Intel pushing for global WiMax adoption in 2008
- Sprint says it won't subsidise WiMax hardware
- Microsoft cashes in: Halo 3 rakes in $170 million on first day
- Excel 2007 bug messes up calculations
- Specialized computer needs growing amid power efficiency concerns
- Low-Energy Bulbs to Steal Spotlight by 2012
- Britons Spending More Time Online Than Ever
- Kilkenny PodCamp
- Study Brands UK Broadband Among The Slowest in the EU
