Users of Yahoo's instant messaging platform are being warned to avoid webcam invites from unknown sources after a vulnerability in the platform was disclosed this week.
McAfee said it notified Yahoo's security team about the issue, and advised users to decline webcam invites from untrusted sources and block outgoing traffic on TCP port 5100 until the Sunnyvale, Calif.-based web giant releases a patch.
Dave Marcus, security research and communications manager at McAfee Avert Labs, told SCMagazine.com today that there are no exploits in the wild for the flaw.
"We're not seeing anything past proof of concept (PoC) code, so we have no reports of exploitation in the wild, but I think it's important enough to let people know that we are monitoring the situation," he said. "The choice of Yahoo Webcam as something to develop exploits for [is intriguing], and I think that's a result of researchers being quick to know what's popular out there and looking for vulnerabilities to exploit in those popular applications."
A Yahoo representative could not immediately be reached for comment.
A researcher using the name "Danny" had released two zero-day ActiveX exploits for Messenger's Webcam application on the Full Disclosure mailing list.
Click here to email Online Editor Frank Washkuch.