dcsimg
RealTime IT News

AOL Patches AIM Security Flaw

AOL Time Warner Thursday applied a server-side patch to a security flaw in the 4.7 and 4.8 versions of its AOL Instant Messenger (AIM).

The fix plugs a hole that could potentially have allowed destructive Internet worms to infect AIM's 100 million+ users. Because the patch is a server-side fix, AIM users will not have to download it.

"To our knowledge, the issue has not affected any AIM users," AOL spokesman Andrew Weinstein told InternetNews.com Wednesday.

Information about the vulnerability first surfaced Wednesday with an advisory from the non-profit security research group w00w00 Security Development. At the time, the group said the flaw, which consisted of a buffer overflow in the code that parses a game request in AIM's "Play Game with Buddy" feature, would allow remote penetration of a victim's system without any indication as to who had performed the attack. Such an attack could download itself off of the Web and then use AIM's "buddy list" to attack the victim's associates.