Protect your corporate IT network from hackers and other unwanted intruders with Proxy Sentinel™. Click here for all the details and get the peace of mind you deserve.
Back to our Homepage Proxy Sentinel™ high performance Internet proxy server and secure firewall solution Firewall Sentinel™ secure & powerful Internet firewall solution About Internet Security.ca and GCIS Frequently Asked Questions on Internet security issues Internet Security Industry News - Stay informed of what's happening Contact Internet Security.ca today and order your Proxy Sentinel™ or Firewall Sentinel™ server now!

Security vulnerability discovered in Libpurple software

Sponsered ads:
Read the latest IT news. Visit ItDirection.net. Updated several times daily.

If you need reliability when it comes to SMTP servers, get the best, get Port 587.

Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!

Share on Twitter.

March 22, 2017

An application developer is warning Adium users to choose a different messaging app since an exploitable security vulnerability has been discovered in its underlying libpurple software.

To be sure, Libpurple is an instant messaging library, and was patched two weeks ago, but it's still not 100 percent secure.

According to member Erythronium23, Adium is still using the unpatched version and that's where the problem lies.

If an attacker sends invalid XML entities containing white spaces, they can crash the purple_markup_unescape_entity process and they can still get remote code execution.

The attack string has to be sent from a malicious server, which mitigates the risk somewhat.

Erythronium's complaint is threefold:

  • Adium's developers are ignoring the bug report
  • There's no documentation about how to upgrade the library
  • The libpurple shipping with the application is a binary blob of unknown provenance
  • Adium is a Mac OS X messenger and supports connection to AIM, Google Talk, Yahoo Messenger, Jabber, ICQ and even the untrustworthy IRC.

    The company has already contacted us to say it's "getting the facts ironed out before giving an official response", and is "working on releasing an update directly."

    Source: Adium LLC.

    Sponsered ads:
    Read the latest IT news. Visit ItDirection.net. Updated several times daily.

    If you need reliability when it comes to SMTP servers, get the best, get Port 587.

    Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!

    Share on Twitter.


    Home | Proxy Sentinel™ | Firewall Sentinel™ | FAQ | News | Sitemap | Contact
    Copyright © Internet Security.ca    Terms of use    Privacy agreement    Legal disclaimer