Yahoo patched the vulnerability in Yahoo Mail

Yahoo has patched a security hole in the Yahoo Mail service, which has allowed hackers to steal user accounts and harm them in many ways.

" We have developed a fix for this vulnerability and have deployed it worldwide. Yahoo Mail users will automatically avoid this exploit, " said Yahoo spokesman Kelley Podboy.

The vulnerability Nir Goldshlager and Roni Bachar, two experts of security firm Avnet (Israel), discovered in early August. The problem arises from the way Yahoo Mail handles attachments. By creating an HTML-encoded attachment in many different ways, the intended attacker can bypass Yahoo Mail's security filtering mechanism to execute malicious JavaScript code.

The above exploit error will allow the JavaScript to execute immediately after the recipient opens the e-mail message, and even if the victim has not opened the attachment.

According to the analysis of the two experts, exploiting errors also allow hackers to steal Yahoo Mail cookies, penetrate into sessions and unauthorized access to user mailboxes.

" This type of attack can trigger a variety of other sophisticated attacks, such as spreading worms, installing keylogs, phishing, and scanning the victim computer port, " said Roni Bachar.

Shortly after discovering the flaw, Bachar and Goldshlager contacted Yahoo to let the manufacturer develop a patch for the system. Currently, there have not been any attacks exploiting this vulnerability.