Network News

X My Profile
View More Activity

AOL Issues Security Update

America Online has shipped a security update for its millions of users to fix a flaw in the way the Internet service provider's Web browser processes certain types of image files -- a vulnerability that could let attackers install malicious software on a user's machine.

The flaw resides in the way AOL's browser handles files ending in ".art", an image file format used by AOL's software. A hacker could attack AOL users just by getting them to visit a Web site that invokes a .art image. Making the vulnerability worse, according to an advisory from vulnerability research firm iDefense, a unit of Verisign Inc., is that the malicious file or image "does NOT need to have an .art extension to be rendered by the vulnerable library. Any extension can be used, provided the image is loaded via an IMG SRC tag in an HTML document in Internet Explorer."

Computers running Microsoft Windows are potentially vulnerable, since Internet Explorer displays ART images. But Microsoft issued a patch in June to fix this problem.

The underlying problem affects AOL versions 9.0 and earlier. AOL says subscribers who are currently using AOL 9.0 just need to log in to the service and the fix will be applied to their systems automatically. AOL urges users who are currently using an earlier version of AOL to upgrade to AOL 9.0 Security Edition.

By Brian Krebs  |  September 13, 2006; 9:57 PM ET
Categories:  New Patches  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: Apple, Microsoft Release Software Patches
Next: Zotob Worm Authors Behind Bars

No comments have been posted to this entry.

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company