AOL faces another security blunder

NEWS AOL's ICQ internet chat software could be leaving users open to a security vulnerability if they don't update their software. AOL is urging all users to upgrade to the latest version of ICQ - ICQ 2001b - because of the discovery of a bug in older versions of the software. The problem is a buffer overflow vulnerability, similar to the one that afflicted AOL's other instant messaging platform AIM last week. Then AOL managed to fix the problem from the server. This time it is urging all users to upgrade to avoid problems, although it has made some back end modifications to mitigate the risk. ICQ is thought to have up to some 125 million users, while AIM has 100 million, 29 million of whom are active.