Skip to main content

Researchers say Yahoo Mail exploit still active, despite claim of being fixed

posted onJanuary 9, 2013
by l33tdawg

On Monday, Yahoo told TNW it had plugged a vulnerability in Yahoo Mail that had resulted in email accounts being compromised after users clicked on a malicious link they received in their inboxes. On Tuesday, the information security training and penetration testing firm Offensive Security said it has discovered the vulnerability is still present.

As we wrote yesterday, the hacker Shahin Ramezany (aka Abysssec) uploaded a YouTube video demonstrating how to compromise a Yahoo account by leveraging a DOM-based XSS vulnerability that is exploitable in all major browsers. Offensive Security says it spoke with Ramezany yesterday after Yahoo said the flaw was fixed, and found that it can be worked around.

Source

Tags

Yahoo Security

You May Also Like

Recent News

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th

Friday, June 7th