Tags: Microsoft

Yahoo! fixes Yahoo! Mail security flaws

Search engine giant Yahoo! has updated their web mail service Yahoo! Mail to fix some of the security flaws discovered in recent times. This flaw is popularly known as the cross-site scripting vulnerability and existed because the flaw existed because the service did not detect certain script tags in combination with certain special characters. As a result, the web mail facility was vulnerable to phishing scams, account hijacks, and other attacks.

The flaw was discovered by SEC Consult, which issued an advisory on the flaw Friday. However, these are pretty common in web based applications and had been discovered in services like Google and Microsoft’s Xbox 360 website. Some other areas of Yahoo! web services are also said to be affected by it.

Yahoo! said in a statement that the flaws have been fixed in the recent weeks and the users are protected to these kinds of security vulnerabilities. Karen Mahon, a Yahoo spokesperson said in a release: “Yahoo recently learned of an issue in Yahoo Mail and worked immediately to begin rollout of a server-side fix which does not require users to take any action. We are unaware of any users who were impacted by this issue.”