AOL Time Warner confirmed this week that a security vulnerability in the Windows version of its AOL Instant Messenger (AOL IM) chat application could let hackers gain control of users' computers. The vulnerability affects millions of AOL IM users, and although a fix isn't available now, the company says it will make one available soon.
"We have identified the issue and have developed a resolution that should be deployed in the next day or two," an AOL spokesperson said late yesterday. "To our knowledge, this issue has not affected any users." The fix should be available by the time you read this.
Beyond the obvious comparisons to Microsoft security problems, the AOL vulnerability is similar to many of the software problems that Redmond faces because it involves a buffer-overrun glitch. Buffer overruns can flood a software program with information, eventually overwhelming it and fooling it into executing any valid commands. In AOL's case, hackers can use the AOL IM program to take control of users' computers and delete files.
Sadly for AOL, a less-than-scrupulous group of hackers found the vulnerability, then gave the company little warning before publishing the details and a program that takes advantage of the problem on the group's Web site.