Webcam vulnerabilities fixed

Aug 27, 2007 09:49 GMT

One week ago, it was discovered that Yahoo Messenger contains two security holes in its webcam support that might allow an attacker to obtain higher privileges on an affected computer. At that time, security companies from all over the web encouraged users to avoid the YM webcam functions or, at least, to use them only with trusted users. Everyone was waiting for the official update from the parent company, Yahoo, because it was the only one able to bring the functionality back. It is finally here, so if you want to use the webcam support and remain secure at the same time, you should update your Yahoo Messenger now.

According to the security notification published by Yahoo, all users who installed the application before August 21, 2007 should update to the recently released version. "If your computer has installed Yahoo! Messenger before August 21, 2007, you should install the update. Installing the update helps protect against exploits of this issue that may be developed," the advisory states.

As usual, the update is distributed through the auto-update function implemented in Yahoo Messenger, but you can also apply the fix manually by downloading the latest version of the application.

"A denial-of-service attack (also known as DoS attack) is an attack on a computer system that causes a loss of service to users. For this specific security issue, the Yahoo! Messenger exits unexpectedly after accepting a webcam invitation from a malicious attacker. Some impacts of a buffer overflow might include the introduction of executable code, being involuntarily logged out of a Chat and/or Instant Messaging session, and the crash of an application such as Yahoo! Messenger."

"For this specific security issue, these impacts could only be possible if an attacker is successful in prompting the Messenger user to accept a webcam invitation," the Sunnyvale company said in describing the vulnerability.