Yahoo email hijack possible with $700 XSS exploit

Share this article:

Yahoo reportedly has yet to fix vulnerable code that is allowing a hacker to sell a $700 exploit capable of undermining a cross-site scripting (XSS) issue in Yahoo's website. The company still is in search of the malicious URL that is being used to spread the inject, which would allow successful bidders to hijack Yahoo webmail users' accounts. The bug first was reported Friday by security blogger Brian Krebs, who wrote that the malicious marketer was offering to sell the exploit only to “trusted people,” so as to keep news of the flaw unknown to those aiming to patch it. A Yahoo spokesperson did not respond to a request for comment made by SCMagazine.com on Tuesday.


Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Beazley: employee errors root of most data breaches, but malware incidents cost ...

Insurance firm Beazley analyzed more than 1,500 data breaches it serviced between 2013 and 2014.

Apple issues seven updates, fixes more than 40 vulnerabilities in iOS 8, OS 10.9.5

Apple issues seven updates, fixes more than 40 ...

In one of its infrequent "Update Surprisedays," Apple plugged holes, boosted security and added features.

Canadian telecom co. Telus unveils first transparency report

The company received more than 100,000 government requests for customer data last year.