Webcam Chats With Strangers Could Trigger Yahoo Messenger Attack

McAfee's Avert Labs has called out a zero-day trick that could be used by hackers to attack users of Yahoo Messenger. While a fix isn't ready at this time, end users can easily avoid the problem if they don't accept webcam invites from untrusted sources. The threat is the latest in a growing trend of IM-based attack vectors.

McAfee has confirmed a zero-day vulnerability in Yahoo's popular instant messaging solution, Yahoo Messenger. McAfee's Avert Labs is a security research firm designed to tackle security issues as soon as they trickle into the world, and the crew first noticed the potential flaw on a post on a Chinese-language security forum.

The flaws, according to McAfee, allows for a user-assisted remote code execution attack, meaning an IM user has to act in response to a prompt from a hacker in order for the attack to proceed.

McAfee Avert Labs reproduced the vulnerability on Yahoo Messenger version 8.1.0.413.