Yahoo has fixed a hole in its online email service that could have allowed hackers to gain access to accounts.
"We have developed a fix for this bug and deployed it worldwide," a company spokeswoman explained. The vulnerability itself was discovered by Israeli security company Avnet earlier this month and involves how Yahoo Mail handles attachments.
The exploit required the recipient only to open the email, not the attachment itself. As a result, it was possible to steal an individual's Yahoo Mail cookie, hijack the session and gain access to the person's in-box.
"This attack vector could be used to launch a variety of other more sophisticated attacks," wrote Roni Bachar from Avnet. These could include unleashing worms, installing keylogger programs, phishing and scanning ports on the PC.
After identifying the vulnerability, Bachar and co-founder Nir Goldshlager immediately alerted Yahoo, so that the vendor could patch its system. Bachar isn't aware of any known exploits of the vulnerability.