Thursday, September 07, 2006

Bug Found in ICQ Client "AOL"

AOL is advising users of its ICQ instant messaging service to update to the latest version of the ICQ software following the discovery of a bug in an older version of the product.

Security researchers at Core Security Technologies today reported that they had discovered the flaw in ICQ Pro 2003b, a version of the ICQ client that AOL still offers for download and bills as a "veteran version" for users who prefer the earlier look and feel.

Although the bug doesn't affect more recent ICQ software like ICQ 5.1, it could mean serious problems for ICQ Pro 2003b users

Core has also discovered less-critical issues in AOL's ICQ Toolbar 1.3 for Internet Explorer. These flaws could allow attackers to change the toolbar's configuration settings or possibly even run scripting code by sending victims maliciously encoded RSS (Really Simple Syndication) feeds.

AOL says it is working to fix the bugs, but the company classifies them as "minor and low-risk". Any users who are concerned can simply upgrade to the latest version of ICQ or not load suspicious RSS feeds, said an AOL spokesman

No comments: