Yahoo toolbar security flaw allows you to hack into online services

Published June 12, 2014 5:48pm

Yahoo's Y! Toolbar may be a cool tool to access one's online services like Flickr, Google, Twitter, YouTube and Pinterest—but a flaw could also allow an attacker to hijack those accounts, a security researcher said.

In a blog post, Behrouz Sadeghipour said he discovered the bug while "poking around Flickr to find a few vulnerabilities."

He explained:

"Who’s affected by this? Any one using Y! Toolbar could simply get their Yahoo, Google, Youtube, and other services hijacked by visiting any of those websites containing an XSS vector. Since these are highly reputable websites, it makes it easier for attackers to hijack accounts due to the fact that reputation and websites that contains a malicious code designed for an attack."

So far, he said the only solutions are to update the Y! Toolbar to the latest version or remove it.

A separate report on The Hacker News said Sadeghipour had "reported the flaw to Yahoo Security team and they have recently patched it in new version."

But it noted the toolbar is available for a wide range of browsers including Microsoft's Internet Explorer, Mozilla's Firefox and Google's Chrome.

It added the Y! Toolbar "is one of the most popular and widely installed web browser add-on/extension."

"Many popular (software) like Java Update and thousands of free software including some Antivirus products promote Yahoo toolbar and bundled it into their installer files," it added. — Joel Locsin/TJD, GMA News

Tags: yahoo, cybersecurity, hacking