Vulnerability in Pidgin and other IM-clients


pidginPidgin users and some alternative IM applications are invited to update their Instant messaging solution this is after CORE security announced the discovery of a serious vulnerability in the IM code source.

The list of IM vulnerable includes Pidgin,Finch,Adium,Meebo and Gaim. In which Libpurple library is used. Libpurple is designed to provide simultaneous support for a various messaging protocols. The details of this vulnerability can be found here.

Security Expert at SANS ISC warns that it takes only to send a message from the victim MSN without being on the attacker buddy list to exploit this vulnerability.

The solution is to upgrade your IM client that is based off of pidgin to Non vulnerable versions of Libpurple which is 2.5.9 or higher.

make sure you subscribe to my RSS feed!

  • Pingback: Mourad ben lakhoua()

  • Pingback: Mourad Ben Lakhoua()