Yahoo issued a security patch to fix a potential vulnerability in its latest instant messaging software, the company said Friday.

The patch, first posted to the Web late Thursday, repairs a security hole stemming from Yahoo Messenger's use of the portable network graphics--or PNG--format, an open-source code the program uses to display certain images, such as avatars.

The security flaw could leave Yahoo Messenger users open to attack when "surfing unknown sites on the Internet," according to a security update on the Yahoo Messenger site. "This affects users on the all new Yahoo Messenger," said Yahoo spokeswoman Terrell Karlston.

The site pointed specifically to a warning issued last week by the United States Computer Emergency Readiness Team's Web site about the PNG vulnerability.

Karlston added that no Yahoo Messenger functionality will be affected after users download the patch.


Source : CNET