AOL has moved quickly to patch a severe security flaw in its AOL Instant Messenger (AIM) client - which also ships with Netscape Communicator.
Security firm @stake said the flaw could have allowed hackers, through malicious HTML email or a malicious website, to run code on users' machines if they had installed AIM, regardless of whether they were running it or not.
The weakness, a HTTP buffer overflow vulnerability, was described by @stake as "real easy to exploit".
Many corporate networks are understood to be included in the estimated 64 million users of the client. @stake warned that the bug may bypass corporate firewalls, because it is client initiated and most firewalls don't guard against this type of attack.
AOL has posted a patched version of the IM client at http://www.aol.com/aim/home.html, but eyebrows are likely to be raised at the apparent lack of publicity for the fix. However, AOL said it has received no reports of the flaw being exploited.
@stake warned that people are vulnerable unless they upgrade. A description of what users should do if they cannot easily upgrade can be found on @stake's website.
Loon's balloons will bring the internet to remote areas of the country
New clues into the biosphere on Earth in the lead up to the emergence of animal life
Planetary collision might shed light on the chaotic processes behind a star's early development
Success boosted by streamer Ninja and celebrity gamers