
Graphical malware stopped in its tracks
By Jim Hu
Published: 16 August 2004 17:15 GMT
Yahoo! issued a security patch to fix a potential vulnerability in its latest instant messaging software, the company has announced.
The patch repairs a security hole stemming from Yahoo! Messenger's use of the portable network graphics - or PNG - format, an open-source code the program uses to display certain images, such as buddy list avatars.
The most critical issue, a memory problem known as a buffer overflow, could allow specially created PNG graphics to execute malicious programs when a vulnerable application loads an image.
Yahoo! posted a security update on its Yahoo! Messenger site.
"This affects users on the all new Yahoo! Messenger," said Yahoo! spokeswoman Terrell Karlsten. She added that the patch will not change any functionality on the service.
The site pointed specifically to a warning issued last week by the United States Computer Emergency Readiness Team's web site about the PNG vulnerability.
The security problems are in a library that lets applications such as browsers and instant messaging software handle PNG. The library is widely used by programs such as the Mozilla and Opera browsers and various email clients, but has also found its way into Microsoft's Internet Explorer, Apple's Mail software for the Mac OS X and Yahoo! Messenger for Windows. Most of these applications have been patched.
Jim Hu writes for CNET News.com
Ability to work with graphics and image-editing programs and knowledge of optimising graphics for the web - Knowledge of mobile industry browser ...
JOB TITLE: Senior Sales Executive - Low Latency Messaging Software SELLING: Ultra low latency app to app messaging software SELLING TO: Financial ...
Manage vulnerability assessments, penetration testing and compliance programs. Experience with threat and vulnerability management systems (Qualys, ...
Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Bob Tarzey Why you must rein in your power users When they do damage, it can be catastrophic to your business
Jon Collins Is losing a mobile device really such a big deal? How to minimise the damage to your business