Flaw in Yahoo Music Jukebox

Yahoo's Music Jukebox service has a serious vulnerability in it that hackers are actively exploiting, according to security experts.

Secunia gave the flaw an 'extremely critical' rating, the highest level on its five-stage scale.

Yahoo Music Jukebox is a free music management tool that lets you play music files, burn CDs and tune into some web radio services.

"Some vulnerabilities have been discovered in Yahoo Music Jukebox, which can be exploited by malicious people to compromise a user's system," a warning on the Secunia website said.

Secunia also said that the vulnerability was being actively exploited by hackers and the exploit code was posted on the internet, potentially allowing other cybercriminals to execute the attack.

If the attack is successfully executed, a hacker could take control of your PC, putting it at risk of becoming a 'bot', perpetrating more malicious attacks on other PCs without the owner realising.

The vulnerability was discovered by Polish security researcher Krystian Kloskowski.

Secunia said that it doesn't contact the vendors whose software is at risk in cases when the flaws are discovered by researchers from outside its own company, though if it had discovered the vulnerability itself it would report it.

Secunia added that it was confident that Yahoo would be aware of the problem by now, as the information was publicly available. However, Yahoo has not yet issued a patch or a statement on the topic.

http://secunia.com
http://music.yahoo.com/jukebox

Stumble It!