PDA

View Full Version : Yahoo Messenger security update


jdh
June 9th, 2007, 09:35 AM
2 Yahoo! Messenger vulnerabilities (with PoCs)

http://isc.sans.org/diary.html?storyid=2943&rss

DH

jdh
June 10th, 2007, 01:54 AM
BTW the update to Yahoo Messenger also downloaded and installed Adobe Flash Player. It apparently overwrote my existing Flash plugin in Firefox (and probably MS IE too). I don't know whether the Flash version I had was earlier, same or later than the one that Yahoo installed, but the one that Yahoo installed was definitely NOT the latest Flash update.

Maybe I'll update Flash again to be safe and anyway Flash is a much smaller download than Yahoo Messenger.

Seems to me that things are now even more confusing than back in the bad old days of Windows 3.1, you never know where you stand wrt updating and DL and installs of security fixes. Back then Word macros were the disease vectors :(

I don't know how the heck to check on what version of Flash I have besides going to:

http://www.macromedia.com/software/flash/about/

Is there some kind of Flash control somewhere to "check for updates"?, what a PITA.

Oops maybe it only updated Flash in MS IE. I'll check and come back here.


DH

jdh
June 10th, 2007, 01:59 AM
The Yahoo Messenger 8.1 update actually apparently did correctly update Flash plug in for MS IE to version 9.0.45.0 from 9.0.28.0 or so, so not Yahoo's mistake. Now I have to update Flash for Firefox :(

DH

jdh
June 10th, 2007, 04:02 AM
2 Yahoo! Messenger vulnerabilities (with PoCs)

http://isc.sans.org/diary.html?storyid=2943&rss

DH

Yahoo! Messenger exploits seen in the wild

http://isc.sans.org/diary.html?storyid=2952&rss

Bad guys are practicing due diligence, only 3 days to launch attacks.

DH

Lindsey
June 10th, 2007, 10:05 PM
Seems to me that things are now even more confusing than back in the bad old days of Windows 3.1, you never know where you stand wrt updating and DL and installs of security fixes.
Amen!! I think Microsoft expects that you won't try to manage it yourself, you'll just trust them to update you automatically. :eek:

--Lindsey