14 DAY TRIAL // A security flaw in the AIM instant messaging client, discovered a few months ago, has recently been patched, AOL proudly announced. But it seems like the users are still at risk, as some researchers managed to prove. It's pretty simple to show that AIM is still vulnerable: all you need to do is to find a way to exploit the glitch and to obtain complete control over an affected system. And according to Wired, somebody could easy do this, since security experts have revealed that AOL's fixes were not enough for a complete protection of the user.
"Instead of locking down the AIM client, they add filters in the server. Filtering in the server will never be enough. It's like a cat and mouse game," security researcher Aviv Raff told Wired. AIM 6.5 seems to be the only version vulnerable to attacks, but there is no confirmation regarding this matter.
What's more interesting is that AOL, the parent company and owner of AIM, said the patch was powerful enough to protect the users and that there was no additional glitch in the instant messaging client.
"We have taken steps to protect users from this known and reported issue. We feel confident we have gotten all the problem issues resolved," AOL spokesman Ring Giffor said, according to the same source mentioned above.
Now, where's the truth? Sure, we may be tempted to believe the parent company, because it is the owner of the application and it knows the best what's happening with the instant messenger. On the other hand, when we have such evident signs of exploits, our trust goes to the security researcher.
A few days ago, AOL and the super search giant Google managed to complete the implementation of AIM in the Gmail interface, an interoperability which now allows all the consumers, registered for the Google mail service, to communicate with the AIM contacts straight from the mail interface.