The 3 security flaws allow hackers to inject malware onto the PCs of surfers running the vulnerable versions of the chat software.
The three vulnerabilites in the Trillian client are as follows:
- An error in the way Trillian seperates MSN protocol traffic
- A problem while XML parsing
- FONT tag values can be exploited
According to Cerulean Studios, Trillian’s developer, users must upgrade to version 3.1.10.0 to be protected from the flaws.
It seems that more and more we are seeing issues with released software that can be manipulated in a way to affect a users computer. What is amazing is how hackers spend very little time to infiltrate a software application. Should companies like Cerulean Studios, Microsoft, etc, hire hackers to make sure that their code is protected. Would it even help, as there always seems to be someone out there smarter than the developer that wrote the code.
Knock on wood, I have never fallen victim to a hacker via software security flaws. I always keep up to date on the updates for my OS, keep up to date virus software, as well firewall monitoring software. It is scary to think that most of my financial life is documented on my pc and if someone were to gain access to it in a malicious manner, through something like Trillian, who knows what I would do.
Let’s hope that Cerulean Studios learns from this issue with Trillian and spend more time on the beta testing of their software prior to releasing it to the masses, who some just spend their days trying to break it.
