AOL Issues Security Update
America Online has shipped a security update for its millions of users to fix a flaw in the way the Internet service provider's Web browser processes certain types of image files -- a vulnerability that could let attackers install malicious software on a user's machine.
The flaw resides in the way AOL's browser handles files ending in ".art", an image file format used by AOL's software. A hacker could attack AOL users just by getting them to visit a Web site that invokes a .art image. Making the vulnerability worse, according to an advisory from vulnerability research firm iDefense, a unit of Verisign Inc., is that the malicious file or image "does NOT need to have an .art extension to be rendered by the vulnerable library. Any extension can be used, provided the image is loaded via an IMG SRC tag in an HTML document in Internet Explorer."
The underlying problem affects AOL versions 9.0 and earlier. AOL says subscribers who are currently using AOL 9.0 just need to log in to the service and the fix will be applied to their systems automatically. AOL urges users who are currently using an earlier version of AOL to upgrade to AOL 9.0 Security Edition.
The comments to this entry are closed.