McAfee's Wei Wang warns Yahoo Messenger users about the zero-day flaw in a McAfee blog post. After initial reports on a Chinese security forum, McAfee today confirmed that a flaw did exist in the most recent version of Yahoo Messenger.
The security flaw is described as a 'heap overflow' and for it to be exploited a computer needs to accept a webcam session invite. This may be a perfect opportunity for virus makers, who often use pornography as a bait to lure people in.
The vulnerability is similar to a previous Yahoo Messenger flaw which was fixed back in June, but not the same, McAfee said. Until a patch has been issued, Yahoo is urging users to be restrictive when it comes to accepting webcam invites.