Yahoo releases critical security patch for IM

Cyber attackers can exploit Webcam ActiveX vulnerabilities in unpatched versions of Yahoo Messenger.

Yahoo has issued a critical security patch for Messenger to address zero-day exploits that take advantage of vulnerabilities in its Webcam ActiveX controls.

The exploits to instant messaging surfaced Wednesday, less than 24 hours after the vulnerabilities were first reported to Yahoo by eEye Digital Security.

People could find their systems at risk if they visit malicious Web sites or view other malicious HTML code. The attackers could then exploit security flaws in the Yahoo Webcam ActiveX control, a software package that is downloaded with Messenger.

eEye Digital Security discovered the flaw and reported it to Yahoo earlier this week. Yahoo issued the patch on Thursday.

In December, Yahoo issued a "highly critical" update to address another ActiveX security flaw in Messenger. The vulnerability was found in the ActiveX control for Yahoo's services suite, which could be exploited to launch a buffer overflow attack.

Editor's note: The security update for Yahoo Messenger for Windows requires a full re-installation of the program. You can learn more from Yahoo's June 7 security update about Yahoo Webcam ActiveX controls.