Sep 27, 2007 12:12 PM

AOL Instant Messaging Client Vulnerable to Exploitation, Uninstall It Now

AOL’s Instant Messaging software, both old and the new beta, contains a security hole that lets anyone who sends you a message to run arbitrary commands and exploit Internet Explorer without the user having to do anything, according to Ryan Naraine at Zero Day. The hole, first reported to AOL more than a month ago, […]

aol running man AOL's Instant Messaging software, both old and the new beta, contains a security hole that lets anyone who sends you a message to run arbitrary commands and exploit Internet Explorer without the user having to do anything, according to Ryan Naraine at Zero Day.

The hole, first reported to AOL more than a month ago, will not be fixed until the middle of October for the millions of people using AOL's AIM client.

AOL claims that the vulnerability, which allows a remote attacker to launch executable code without any user action, has been patched in the latest beta client but, as I’ve confirmed in a test with security researcher Aviv Raff (see screenshot below), fully patched versions of the beta is still wide open to a nasty worm attack.
Production copies of the software, which sits on tens of millions of desktops around the world, are also unpatched.

Anyone running the software should uninstall it and use an alternative, such as a web-based client such as Meebo or a third-party IM client such as Trillian or Pidgin to use an AIM account.

Update: Apple iChat is not vulnerable (thanks to that lower case i in its name, I presume).

Despite AOL’s claim, AIM worm hole still wide open ZDNET's Zero Day blog

Ryan, a former writer for Wired's Epicenter blog, is the editor of the Threat Level blog. ... Read More

Staff Writer

Topicshacks Threat Level

US Takes Down Botnets Used in Record-Breaking Cyberattacks

The Aisuru, Kimwolf, JackSkid, and Mossad botnets had infected more than 3 million devices in total, many inside home networks, according to the US Justice Department.

Andy Greenberg

Livestream Replay: The War Machine

A panel of WIRED experts dissected the defense tech industry’s impact on modern warfare.

Tim Marchman

Aeronaut Is an Actual Mac App for Bluesky

If you miss social media on your desktop—à la Tweetbot, TweetDeck, or the official Twitter app—then check out this macOS client for Bluesky.

Justin Pot

Your Vape Wants to Know How Old You Are

Companies hope that biometric age-verification tech in cartridges could put flavored vapes back in business. But it's unlikely to solve the real problems.

Boone Ashworth

What’s With the US Ban on Foreign Routers?

The FCC just banned the sale of new consumer-grade Wi-Fi routers manufactured outside the US. Here’s what it means for you.

Simon Hill

You Can Soon Buy a $4,370 Humanoid Robot on AliExpress

Unitree is bringing its R1 to international markets. It arrives with some aerobatic capabilities and an entry-level price, but the question of what you'd actually do with it remains open.

Marco Trabucchi

Tech Companies Are Trying to Neuter Colorado’s Landmark Right-to-Repair Law

A bill in Colorado is a glimpse into the future of how corporations are working to limit the freedom people have to make their own fixes and upgrades.

Boone Ashworth

Hundreds of Millions of iPhones Can Be Hacked With a New Tool Found in the Wild

A powerful iPhone-hacking technique known as DarkSword has been discovered in use by Russian hackers. It can take over devices running iOS 18 that simply visit infected websites.

Andy Greenberg

Using a VPN May Subject You to NSA Spying

US lawmakers are pressing Tulsi Gabbard to reveal whether using a VPN can strip Americans of their constitutional protections against warrantless surveillance.

Dell Cameron

I Tested the MacBook Neo and the MacBook Air. Here's Which One You Should Buy

After conducting long-term testing on both the MacBook Neo and MacBook Air, I have a good idea who should buy which laptop.

Luke Larsen

10% Off Exclusive LegalZoom Promo Code for April

Save on top services at LegalZoom, like LLC registration, incorporation, estate plans, and more with coupons and deals from WIRED.

Parker Hall

How to Organize Your Random Box of Cables and the Rest of Your Tech

You will never need that weird charger from 2012. These tips to tidy up your tech will help you sort out your cable collection, organize your gadgets, and get rid of aging ones.

Simon Hill