Researchers Billy (BK) Rios, Nate Mcfeters, and Raghav "the Pope" Dube released proof-of-concept exploit code for two zero-day flaws in the Trillian instant messaging platform.

"It’s time we showed another example of how dangerous these URI handler vulnerabilities can be…" said the trio, detailing the flaws on the website.

The first flaw is due to an input validation error in the "ini=" parameter supplied via "aim://" URIs. The vulnerability could be exploited by a remote attacker to take control of a targeted system, according to Secunia.

The second vulnerability occurs within the processing of "aim://" URIs in the aim.dll plugin. The flaw can be exploited by attackers by tricking a user into following a specially crafted "aim://" URI file, according to the Danish vulnerability clearinghouse.

Secunia ranked the flaws, both of which exist in Trillian Basic 3.1.6.0, as "highly critical," meaning that they can be exploited from a remote location.

FrSIRT ranked both flaws as "critical." A Trillian representative could not immediately be reached for comment.

Rios told that he and his colleagues have been researching URI flaws for a year and found that they are "rampant."

"We’ve basically encountered a ‘perfect storm’ when it comes to URI handlers. Most developers don’t realize that by registering a URI handler with Windows, they are significantly increasing their attack surface," he said via email. "URI handlers can allow remote access to applications on a user’s system. If an application isn’t coded properly, attackers can abuse this remote access to compromise a system."

Meanwhile, researcher Rajesh Sethumadhavan released proof-of-concept buffer overflow exploit code for a flaw in Yahoo Messenger version 8.1. The code can be used for a DoS attack when Yahoo loads a specially crafted address book entry.

Sethumadhavan said on Monday that the flaw was discovered on 10 April.

An attacker can take advantage of the flaw by sending a specially crafted address and using a social engineering attack to get a victim to place the mouse over the imported address.

A Yahoo representative could not immediately be reached for comment.

Don Montgomery, vice president of marketing at Akonix, told SC Magazine that vulnerabilities on IM platforms are a growing problem.

"IM gets adopted more widely at home and at work now, and the bigger the network, the bigger the problem is," he said.

" are less likely to be secure and less likely to be on a protected network.