A security researcher is alleging that Yahoo
risk from a pair of critical phishing and redirection vulnerabilities. One
of them may well still be open too.
Security Researcher Aditya K Sood posted a security advisory on a public
mailing list explaining that, ” a severe redirection and phishing
vulnerability have been found in Yahoo Network.”
According to Sood, the vulnerability could have allowed certain specific
URLs linked on the Yahoo network websites to be manipulated to redirect
traffic for a malicious purpose like phishing
Sood alleged that the whole Yahoo network was vulnerable to this type of
attack. The researcher does however claim that the issue was reported and
patched by Yahoo within 24 hours.
There is a second phishing issue that Sood has also reported which has not
yet been fixed by Yahoo. Sood alleged that the second issue is specific to
the Yahoo Search core network.
“The links provide for the search to next page can be manipulated by the
phishers to redirect traffic and use yahoo search engine for phishing,” Sood
states in the advisory. “The vulnerability affects the yahoo search engine
Yahoo spokesperson Meagan Busath confirmed to internetnews.com that
Yahoo is aware of the issue.
“Yahoo takes security seriously and consistently employs measures to help
protect our users,” Busath said in an email to internetnews.com. “We
are aware of this particular issue as it relates to the broader industry
wide issue of phishing, and are working towards a fix.”
Busath advised that for user, awareness is a key defense. To that end, she said Yahoo’s Security Center can be a big help.
“Yahoo has made it a priority to help educate consumers so that they are
empowered to protect themselves online,” Busath noted.