New XSS Vulnerability in Yahoo Mail Emerges

Monday, January 7, 2013

In a tweet, Shahin Ramezany, the hacker who claims to have found the vulnerability, revealed that full details of the exploit will be released once Yahoo fixes the vulnerability. The hacker has also posted a video showcasing the hack. It seems that the hack is not hard to pull off and only requires a few minutes.

No details have emerged about the number of users whose accounts have been compromised because of the vulnerability. But searching Twitter for "Yahoo Mail Hacked" brings up quite a few results, and it seems that the vulnerability is being exploited in the wild.

“My yahoo mail was hacked overnight. Please delete any emails you received from my account overnight and don’t click on the links. Sorry!” says one user.

“it was strange- it happened to another friend last night… didn’t open either… knew it was a ‘hacked’ message. frustrating!” noted another.

[Update: 08/01/2013 @ 4:06 AM GMT]: AllThingsD is reporting that Yahoo has announced in a statement that it has fixed a vulnerability in Yahoo Mail. Referring to an online video (probably the one we reported on), Yahoo said that the vulnerability has been fixed and that it will work diligently to fix other vulnerabilities. “We were recently informed of an online video that demonstrated a vulnerability. We confirm that the vulnerability has been fixed,” reads the statement from Yahoo!