AOL Working On Patch For Instant Messenger Vulnerability

America Online is working on a critical patch for the company's highly popular AIM application. Researchers at Core Security Technologies Wednesday disclosed a bug that could enable a remote hacker to execute malicious code, exploit Internet Explorer bugs, and inject scripting code in the IE browser. The researchers noted that all of the vulnerable AIM clients include support for enhanced message types that enable AIM users to take advantage of HTML to customize text messages with different fonts and colors. "We have addressed the issues that Core Security has brought to us on the server side. We are comfortable with the server side fixes we have in place, but we are also working on a client fix," said an AOL spokeswoman.

According to Core Security, the vulnerability affects AIM V6.1, as well as the V6.2 beta, which is the latest version of AOL's instant messaging application. It also affects AIM Pro, the instant messaging version for corporate users, and AIM Lite, a simplified version of the client application. "This vulnerability poses a significant security risk to millions of AIM users. Core Security has alerted AOL to this threat and has provided full technical details about the vulnerability so that they can address it in their products," said Ivan Arce, CTO at Core Security.

News source: InformationWeek

Report a problem with article
Previous Story

Verizon Wireless to Allow Abortion Texts

Next Story

Microsoft extends Windows XP's stay

5 Comments

Commenting is disabled on this article.

thanks for the info.

but seriously ... people still use the official AIM client?

p.s. also, i think it's safe to say anything with the name "aol" on it is generally not a good thing... as im sure alot of people on this forum would agree with.

ThaCrip said,
thanks for the info.

but seriously ... people still use the official AIM client?

p.s. also, i think it's safe to say anything with the name "aol" on it is generally not a good thing... as im sure alot of people on this forum would agree with.

You took the words right out of my mouth; I can't use the client because I am on Solaris but even when on Windows, I prefer using Pidgin to it.

Pidgin 2.2.0 works extremely well; but I always asked, apart from Americans, who on earth uses AIM/AOL? most people out side the US of A use MSN or Yahoo - biased mainly towards MSN.