
Yahoo Mail Bug Squashed By Cyber Security Flaw Bounty Hunter

Peter Garvey

Yahoo moved to patch the flaw before the bug could cause chaos

Security researchers have uncovered a flaw in Yahoo Mail that would have enabled hackers to snoop on users' emails or use the accounts to spread viruses to other people.

Yahoo's HackerOne bug bounty program was responsible for surfacing the flaw, which was spotted by Finnish white hat Jouko Pynnonen, who was awarded $10,000 (£7,947) for his efforts.

Normally, Yahoo Mail filters messages in HTML format to spot any malicious code and block it before it passes through a user's browser.

However, Pynnonen discovered that this barrier could be breached with an email including a custom HTML link.

Upon opening the email, the code would immediately activate JavaScript to render a share button in the email but with broken HTML pointing to a whitelisted site.
