Mitre, Purple Palace; Where is the dumb-user line? ¯\_(ツ)_/¯
Updated Hacker Julien Ahrens says Yahoo! Messenger contains a remote code execution hole that the Purple Palace won't fix. The buffer overflow holes (CVE-2014-7216) will keep bleeding, Ahrens says, because Yahoo! has told him the relevant app is end-of-life and therefore low on Yahoo!'s to-do list. Yahoo! has been contacted for comment. Exploiting the flaw relies on victims installing new emoticon packages, a vector Ahrens feels is a very live threat given instant messaging users are rather keen...