Security Researcher Aditya K Sood is alleging that Yahoo was at risk from a pair of critical phishing and redirection vulnerabilities. According to Sood, the first vulnerability could have allowed certain specific URLs linked on the Yahoo network websites to be manipulated to redirect traffic for a malicious purpose like phishing. The researcher alleged that the whole Yahoo network was vulnerable to this type of attack but claims that the issue was reported and patched by Yahoo within 24 hours.
There is a second phishing issue that Sood has also reported which has not yet been fixed by Yahoo. Sood alleged that the second issue is specific to the Yahoo Search core network: "The links provide for the search to next page can be manipulated by the phishers to redirect traffic and use yahoo search engine for phishing. The vulnerability affects the yahoo search engine at full." Yahoo spokesperson Meagan Busath confirmed that Yahoo is aware of the issue: "Yahoo takes security seriously and consistently employs measures to help protect our users. We are aware of this particular issue as it relates to the broader industry wide issue of phishing, and are working towards a fix."
Yahoo!, Security, Vulnerabilities, Phishing