The Australian Computer Emergency Response team (AusCERT) has warned its members of the vulnerabilities in Yahoo Messenger version 5,0,0,1064 today, following the US-based Computer Emergency Response Team (CERT) issuing an advisory on the flaws. Users should upgrade to version 5,0,0,1065 or later.
AusCERT said it chose to alert member because of the combination of the fact that it's got wide usage and because -its possible people are pretty much executing [malicious] code on users' machines".
-Instant messaging is very widely used, at least in non-business environments," Robert Mead, AusCERT coordination centre manager pointed out, therefore the alert is perhaps important more for the general public. However, because from a business perspective it's hard to prevent workers from downloading it from the Net onto their machines and people could be attacking company network from the inside, AusCERT saw it as necessary to alert its customers to the flaws, he added.
Businesses need to ask themselves, policy-wise, whether staff should be using IM applications for business reasons, according to Mead. -Businesses that have a policy for using instant messaging should get staff to update them," he added.
-There are multiple vulnerabilities in Yahoo! Messenger. Attackers that are able to exploit these vulnerabilities may be able to execute arbitrary code with the privileges of the victim user. We have not seen active scanning for these vulnerabilities, nor have we received any reports of these vulnerabilities being exploited..." the CERT advisory stated.
According Jupiter Media Metrix, 16 percent of workers with access to the Internet will be using Instant Messaging (IM) by the end of the year, with that figure expected to reach 46 percent by the year 2005. In Australia MSN Messenger dominates all segments of the market with Jupiter statistics indicating that MSN Messenger controls 51 percent of the instant messenger install base in the workplace, followed by ICQ (29 percent), Yahoo (12 percent) and AIM (6 percent).
Why not have Optus mobile coverage for Yahoo! Messenger? All the other carriers are included except for Optus. I may use my Vodafone SIM to get into Yahoo! Messenger.