12:52 PM

AOL Patches Buggy Browser

According to an alert posted by security company iDefense, AOL's browser uses a flawed method to render compressed images in the .art format. End result: The computer is hijacked.

AOL Thursday slipstreamed a security update to users of the Internet provider's browser to fix a bug that Microsoft patched back in June.

According to an alert posted by Reston, Va., security company iDefense Inc., AOL's browser uses a flawed method to render compressed images in the .art format. An attacker can exploit the bug by convincing users to view a maliciously crafted .art image; the resulting heap overflow can be further leveraged, letting the attacker post his own code to the victimized PC. End result: The computer is hijacked.

"iDefense analysis has shown that exploitation can be as reliable as 75 percent with the current exploitation method," the warning read. In the 1-in-4 attempts that would likely fail, the PC would probably slow down or lock up entirely.

AOL's browser is a highly customized version of Microsoft's Internet Explorer; the latter was patched to fix the .art flaw in June with the security bulletin MS06-022. AOL 9.0 and earlier are affected.

AOL subscribers using 9.0 only need to log on to the service -- a fix will be applied automatically -- but members working with an earlier edition of the ISP's client software should upgrade to 9.0 Security Edition.

As of the end of June, AOL had 17.7 million U.S. members, a drop of 3.1 million from a year earlier. In August, the company announced it would make its paid service and e-mail available at no charge to broadband users in an attempt to replace lost subscriber revenue with ad dollars.
