Yahoo has fixed a security vulnerability in its Yahoo Mail service that could have allowed malicious hackers to hijack accounts and harm users in a variety of ways.“We have developed a fix for this bug and have deployed it worldwide. Yahoo Mail users will not be required to take any action to be protected from this exploit,” said Kelley Podboy, a Yahoo spokeswoman, via e-mail.Nir Goldshlager and Roni Bachar from Avnet, a computer security company based in Israel, discovered the vulnerability in early August. SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe The problem was Yahoo Mail’s handling of attachments. By creating an HTML attachment with different encoding schemes, one could have bypassed Yahoo Mail’s security filter and executed malicious JavaScript code, Bachar said via e-mail. The exploit allowed the JavaScript code to be executed as soon as a recipient opened the e-mail message, even if the recipient didn’t open the attachment. It was also possible to steal the recipient’s Yahoo Mail cookie, hijack the session and gain access to the person’s inbox. “This attack vector could be used to launch a variety of other more sophisticated attacks,” Bachar wrote. These could include unleashing worms, installing keylogger programs, phishing and scanning ports on the PC. After identifying the vulnerability, Bachar and Goldshlager immediately alerted Yahoo, so that the vendor could patch its system. Bachar isn’t aware of any known exploits of the vulnerability.-Juan Carlos Perez, IDG News Service (Miami Bureau)Check out our CIO News Alerts and Tech Informer pages for more updated news coverage. Related content feature Mastercard preps for the post-quantum cybersecurity threat A cryptographically relevant quantum computer will put everyday online transactions at risk. Mastercard is preparing for such an eventuality — today. By Poornima Apte Sep 22, 2023 6 mins CIO 100 CIO 100 CIO 100 feature 9 famous analytics and AI disasters Insights from data and machine learning algorithms can be invaluable, but mistakes can cost you reputation, revenue, or even lives. These high-profile analytics and AI blunders illustrate what can go wrong. By Thor Olavsrud Sep 22, 2023 13 mins Technology Industry Technology Industry Technology Industry feature Top 15 data management platforms available today Data management platforms (DMPs) help organizations collect and manage data from a wide array of sources — and are becoming increasingly important for customer-centric sales and marketing campaigns. By Peter Wayner Sep 22, 2023 10 mins Marketing Software Data Management opinion Four questions for a casino InfoSec director By Beth Kormanik Sep 21, 2023 3 mins Media and Entertainment Industry Events Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe