Sunday, August 20, 2017
Home / Security / Exploits / New found Vulnerability in Yahoo’s framework YUI 2

New found Vulnerability in Yahoo’s framework YUI 2

In a blog post, Yahoo has stated there is a security vulnerability in its JavaScript framework YUI version 2.

It doesn’t, though, give a detailed description of the bug. The emergence only, now, connects to any project where the developers have hosted their own version of the YUI 2 SWF files (from version 2.4.0 to 2.9.0).

Those who have utilized Yahoo’s yui.yahooapis.com CDN or a different CDN for YUI 2 or use YUI 3 are not affected by the issue stated Yahoo.

The only information in the post is a connection with “SWF”; this could therefore be something in connection with the presence of the class SWFStore which supports the persistence of data using the Flash Player.

The impacted version of the framework has, though, been replaced by YUI 3 since 2009; YUI 3 doesn’t include SWFStore.

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.

Check Also

Silent OS 3.0 for Blackphone Completely revamped

Version 3.0 migrates Silent OS to Android Marshmallow 6.0.1 and delivers the Android safety patch …