A pair of security firms Monday reported a serious vulnerability in America Online's instant messaging client that could expose users to attack.
Both Internet Security Systems, of Reston, Va., and Copenhagen-based Secunia warned that systems running the Windows editions of AOL Instant Messenger (AIM) can be loaded with malicious code if they're enticed to specially-crafted Web sites.
The problem stems from AIM's "Away" function, which displays a user's current online status to other contacts. The flaw could be exploited by attackers to create a buffer overflow on the machine, then once the system's compromised, feed it other code or a Trojan horse, which could give the hacker later access to the PC.
The most likely attack vector would be a link embedded in an instant message that leads users to a hacker's Web site.
Secunia broke the new first, and called the vulnerability "critical." Internet Security Systems (ISS), which had notified AOL of the vulnerability last month but had held off publicly announcing the AIM hole, followed suit.
To realize the benefits of cloud-native software, an application must actually be cloud-native—designed to run in the cloud, interacting with disaggregated cloud services, fully manageable as code—to deliver the expected benefits.
By combining resources and expertise, the AI-Enabled ICT Workforce Consortium will offer a blueprint for how industries can adapt to an AI-dominated future.
IT leaders should heed the guidance of cybersecurity insurance providers who think businesses should prioritize security education, incident preparedness, regular internal audits, and ongoing vulnerability scanning and patching.
