You are here

HomeBrandon Dimmel › Big Security Holes Found in AOL's Instant Messenger

Big Security Holes Found in AOL's Instant Messenger

Dennis Faas's picture
by Brandon Dimmel on October, 1 2007 at 08:10AM EDT

Those still loyal to America Online are aware that the service has had a topsy-turvy history. The once dominant dial-up choice of Americans has struggled as of late with vulnerabilities to its Instant Messenger application, holes that security experts have collectively referred to as a "major vulnerability".

Last Wednesday, analysts at Core Security Technologies revealed that a bug could unleash a series of attacks on an AOL Instant Messenger user, with the most serious side effect being a remote hijack by a hacker. If said hacker were to worm his or her way into the system, Core Security believes he or she would be able to execute malicious code or take advantage of Internet Explorer bugs.

CTO of Core Security Ivan Arce had this to say in a written statement:

"This vulnerability poses a significant security risk to millions of AIM users...Core Security has alerted AOL to this threat and has provided full technical details about the vulnerability so that they can address it in their products. Since we notified AOL, this vulnerability has emerged on several public bug-tracking Web sites. Therefore, we believe it is necessary to bring precise details about this issue to light immediately, so that AIM users and organizations using AIM can be made aware of the threat, assess their risk, and take the appropriate measures to ensure that they are protected." (Source: informationweek.com)

Updating the AOL Instant Messenger service, say from AIM V6.1 to V6.2, won't help. Core Security says both are just as likely to be infected by the threat. Even AIM Pro and AIM Lite, professional and client versions of the Instant Messenger service, respectively, are both affected.

Thankfully for the AOL faithful, a patch to these issues is on the way. Unfortunately, word of this progress -- passed on from a random AOL spokesperson to InformationWeek -- was vague and limited to "technicians are working on the problem." As recently as Friday, media outlets were reporting that AOL was still nowhere near a final solution to the issue. (Source: theinquirer.net)

Filed under:
Security
| Tags:
core security
,
instant messenger
,
aim
,
aol
,
vulnerability
Rate this article: 
No votes yet
Need Help? Ask!



My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 30 years experience; I also run this website! If you need technical assistance , I can help. Click here to email me now; optionally, you can review my resume here. You can also read how I can fix your computer over the Internet (also includes user reviews).

We are BBB Accredited

We are BBB accredited (A+ rating), celebrating 21 years of excellence! Click to view our rating on the BBB.