The flaw could have let attackers destroy files and steal personal information.
Yahoo Inc. has fixed a security flaw in its Yahoo Mail service that could have let attackers destroy files and steal personal information--virtually anything a user types, including passwords, user names, and credit-card information. People using the Yahoo Mail service and had scripting enabled on their Web browsers were vulnerable to attack.
The malicious script execution flaw was reported to Yahoo on Nov. 11, the company says. The flaw was fixed on Yahoo's servers and doesn't require customers to take any action.
The flaw was discovered by the Mobile Code Research Center at security firm Finjan Software Ltd.
In a statement, Yahoo said it takes security very seriously and "employs rigorous and aggressive measures to help protect our users.
"We are unaware of any users who were affected by the issue which no longer affects Yahoo Mail," the statement read.
Just last week, security researchers warned of a flaw in Yahoo's instant-messaging app that could allow attackers access to users' systems. That flaw has also been fixed.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.