Yahoo’s trademark laziness and unwillingness to correct its own mistakes, even if they are served on a silver platter, make the app notoriously unique. Security expert, Julian Arens, voiced a story in support of the aforementioned fact. He said that he sent a vulnerability report to the company as early as May 2014. In response, the company refused to fix the issue, referring to fact that the product at hand is not supported.
Keep in mind that this happened despite the fact that the problem is serious. Breach of the CVE-2014-7216 buffer overflow allows remote code execution that gives the wrongdoer the same rights as the owner of the hacked device. If you are looking to fall victim to this hole, which we hope you aren’t, you’ll need to download the selected set of the newest stickers in a specific, sophisticated way.
When users authorize and check the availability of new emojis, they leave themselves open to potential threats. The app doesn’t check the length of the links and the key value of the titles properly. This shortcoming leads to buffer overflows, which, in turn, remotely executes the nasty, malicious code.
More than a year after the complaint was reported, Yahoo gave Arens permission to publish the available information about the vulnerability and strangely added that they will not be dealing with it.
Taking into account the insane, global popularity of various images among messenger users, as well as among users of all types of communication services, it doesn’t take a genius to evaluate the potential of the danger: EXTREME!
Loading...