Skip to content

Security Update in Latest Version

April 3, 2007 on 11:45 am | In News | 47 Comments

We released an update to Yahoo! Messenger 8.1 (for Windows) that includes an important security update. The new version number is 8.1.0.249.

Starting this week, you may receive a prompt to update to this latest version when you sign into Yahoo! Messenger. When the window appears, click the “Update Now” button to install it. The latest Windows version of Yahoo! Messenger is always available from the download page of our website as well.

If you need to check the version number of your Yahoo! Messenger, first sign into Yahoo! Messenger, click on the “Help” menu, then select “About Yahoo! Messenger”.

Sarah Bacon
Product Manager

47 Comments »

RSS Feed | TrackBack URI

  1. does this include the fix for the yahoo chats not loading?

    Comment by vb_packets — April 3, 2007 #

  2. Another Winblows update, how about the Mac version that have been in “beta” for a year?

    Alex

    Comment by Alex Rodriguez — April 3, 2007 #

  3. I just had a nice dinner. It was good.

    Cool for the updates. Try and fix up the other problems too.

    Those who want to know what this update includes can check this link I found:

    http://messenger.yahoo.com/security_update.php?id=031207

    When I was downloading the latest update, it showed me a button for the above link. I hope the above link refers to the current update.

    I will go to sleep soon…I will see ya all tomorrow or so.

    Comment by user — April 3, 2007 #

  4. i like these auto-update prompts like those in Messenger and Y! Jukebox. it’s more convenient than actually visiting the website.

    i wish all software had an auto-updater which didn’t require a browser…

    Comment by jon — April 3, 2007 #

  5. What the hell were you guys thinking by deleting the Java-based chat client ? The messenger chat client is slow, in spite of being ugly and featureless, and full of bugs.

    What bozo made the decision to drop the DHTML and Java clients?

    Comment by Orlando — April 3, 2007 #

  6. 8.1.0.249 is working just as bad as any other version of messenger. Since Yahoo! “apparently” isn’t allowed to visit any of the web sites that post malicious content to be downloaded and used on Yahoo! chatters, why don’t they hire an independant firm to have these malicious program distributors taken off the net in a similar fashion to how a hacker would be shut down? Most hackers that I have had the privilage of knowing done so out of curiousity and not malice the way these programs for Yahoo! are now being used. Why let one little bunch of geeks ruin what we like so much. I say we search out and find these sites and e-mail their web host with a few lines from their blogs and other blogs complaining about the programs they are making possible to reach people for the malicious intent they were made for.

    Comment by polar — April 3, 2007 #

  7. We join these blogs and shoot at Yahoo! from the left right and center and yet it isn’t Yahoo! doing the damage to the chat rooms etc., it’s the programs people like marcus, neo, black widow, puddy, acid and so many others make that ruin all of our chat experiences. I think “we” as the whole community of Yahoo! should be the ones to get rid of people like them. We all squalked and together got answers from Yahoo! and maybe if we do the same, we can get answers from the people making it possible for these idots to do their thing. Do you know…that most of the sites that distribute booters also distribute porn that can be seen with a click of the mouse and I’m not talking a few words in a room from a bot. I mean full out hardcore porn. At the most you have to make an account for the site and it is as easy as a fake name and a fake e-mail and voila you are into get whatever you want from booters to boobies and some even have live cams rather than movie clips. These are the people bringing porn to Yahoo! along with the malicious programs.

    Comment by polar — April 3, 2007 #

  8. Heres one from romanware…

    STB

    A Multiple Account login program with SOCKS 4/5 proxy support for use with Yahoo! chat. Login multiple accounts into a chat room and get voice on all of them! The current version is 10.34. This version works in YMSG protocol.

    Now…who was saying what about bots in a room?

    Comment by polar — April 3, 2007 #

  9. heres another from romanware…

    SuperVox GOLD

    Supervox GOLD is a yahoo chat client that allows you to easily navigate to the yahoo chatrooms and uncludes the special feature of giving you domination in voice over the other chatters in voice. In addition there is a voice lagg feature and the option to login to chat through the unbootable protocol I call YHTTP.

    What ever happened to chat, now we see…

    Comment by polar — April 3, 2007 #

  10. I have downloaded several versions of Yahoo messenger since 4pm this afternoon, it is now 12am and I am still unable to get into the new version that I downloaded 3 hours ago! Heck I can’t can’t any version anymore ! Everytime that I go to sign it I get the message “retry again later”..very frustrating!

    Comment by Lisa — April 3, 2007 #

  11. Any chance you know when the messenger/mail integration will be available for AT&T yahoo mail beta users?

    Comment by AT&T User — April 3, 2007 #

  12. When are we getting the Vista version?

    I am tired of the current version and am now thinking to avoid using it now.

    Comment by Hitesh — April 3, 2007 #

  13. No one asked you to use it in the first place Hitesh.

    Read carefully the kind of Warning he has given. Indians can do nothing else but complaint.

    Comment by user — April 4, 2007 #

  14. HI AT&T User,

    The messenger/mail integration began rolling out in mid-February and it will take about 3 months for it to become available to all users on Yahoo! Mail Beta, including AT&T Yahoo! users. You can read more about it here:
    http://blog.messenger.yahoo.com/blog/2007/02/

    Sarah Bacon

    Comment by Administrator — April 4, 2007 #

  15. I guess we will see version 1000 on Windows before we get a working messenger on Linux.

    Please make a messenger that works with webcam and voicechat for Linux!!!

    Comment by brian — April 4, 2007 #

  16. I have a legitimate question for Sarah Bacon or whoever feels the need to answer; why do all the 3rd party clients seem to work ok with Yahoo! other than all the bots in rooms but Messenger is so screwed up it can’t even join a room and give font and voice right if at all???

    Comment by polar — April 4, 2007 #

  17. The voice issue with Linux and Mac versions is most likely a licensing issue with the TrueSpeech codec which AFAIK is not available on those platforms. When I looked into this a couple of years ago I believe the MINIMUM license fee for the TS codec was around $250,000 and had certain limitations on usage as well as distribution.

    The webcam support is an entirely different issue as they use JPEG2000 encoded images (they license the ?Kakadu? library for this IIRC) so it’s quite possible that future Mac and Linux versions could support it.

    Unfortunately Yahoo! has been somewhat tight lipped about the features that will appear in upcoming versions so it’s hard to say what if any support for voice or webcam will appear.

    Comment by Chet Simpson — April 4, 2007 #

  18. Hey what’s up all. Just had dinner. I had kinda busy day today with some work and then trying to straighten the heads of few people in different places.

    Anyway, yesterday I downloaded the security update by going to the messenger’s USA website…so I didn’t do it based on Update alert.
    Actually, what you can regularly do for Yahoo! messenger is log into the messenger and then click on Help and then click on Check for Updates. Voila! It will show you if you have the latest version or not.
    The above process is for Yahoo! messenger US version. I don’t know about know about others.

    Comment by user — April 4, 2007 #

  19. yahoo should have a link to these security-advisories on the main “yahoo messenger” webpage, and maybe also on the main “yahoo” webpage..

    Comment by redwolfe — April 4, 2007 #

  20. up grade,,, new versions,,,,better… improved,,

    LMAO>>>>>>>>>>> Sarah…. Yeah right you spend all this time improving,,, and yet you wont fix the chat rooms….. I wonder if she is real…hmmmm is she a bot to???? Or a pupit of th board…. ever notice she will never commnet on the chat rooms……….. So Sarah are you real…of just one of htose bots who roam the chat rooms……
    hmmmmmmmmmmmmmmm

    Comment by den — April 4, 2007 #

  21. [...] According to Yahoo’s Blog if you’re running the latest build (249) you already have the security update. I’m not sure what the security update is about though. My Signature (Post Above This!): [...]

    Pingback by Yahoo Messenger update - BigBlueBall Forums — April 5, 2007 #

  22. I heard the update was to stop the logging out of chat when you join and the long wait to join rooms, but all the above are still going on. The update didn’t make anything on my side work any better…lol

    Comment by polar — April 5, 2007 #

  23. This update seems to fix the security vulnerability and also the issue with .TMP files being created in the main Messenger directory instead of the Messenger/Temp folder…

    Also, if you haven’t read the latest about the chat situation, there is something being sent to some Yahoo users…

    Thank you for writing to Yahoo! Messenger.

    We understand that you are unable to enter chat rooms through
    Yahoo! Messenger. We do realize the inconvenience and
    empathize for your present situation.

    We are currently aware users may experience slow load times
    when trying to access or communicate in Yahoo! Chat. These
    issues may be intermittent, allowing access to Yahoo! Chat on
    some occasions, and on others return the message “Signing
    into Chat took longer than expected” or “request refused.”
    Our engineering teams are currently investigating an issue
    with the Yahoo! Chat servers and working on a resolution.

    Unfortunately, we do not expect that this issue will be
    resolved until 14 May 2007. We are aware Yahoo! Chat is
    important to you, and we want to make sure this issue is
    resolved correctly.

    We apologize for any inconveniences this may have caused and
    appreciate your patience and understanding while we work to
    resolve this issue.

    Thank you again for contacting Yahoo! Messenger.

    As for what it means, your guess is as good as mine.

    Comment by Venom — April 5, 2007 #

  24. I think all the bot programs running are overwhelming the servers. The rooms are only supposed to hold 50 chatters and 1 mass iggy or room filler program can login between 1 and 1000 bots(accounts). Even 200 bots is 4 times the amount in 1 room. Most of the mass room fillers can open in more than 1 instance and therefore login as many accounts as they want. That is a major strain on Yahoo!. Most mass iggy/room filler runners are loading bots into more than 1 room. Yahoo! has to do nothing more than find a way to make a charge stick to fix the bot problems. Find a way to charge all these chat ruining people. A few big fines would deter people from running the bots on Yahoo!.

    Comment by polar — April 5, 2007 #

  25. when will there be a Yahoo! Messenger (9.0)??? and when can we start uesing the new Yahoo! Messenger Vista version ?????????????????????????????????????

    when when when ??????????

    Comment by david — April 6, 2007 #

  26. With this update, the avatar support is broken. Again.

    Comment by X — April 7, 2007 #

  27. As far as the availability of the Kakadu webcam JPEG2000 implementation on other platforms… on Kakadu’s site there are some examples for both Solaris and Linux.

    I’m glad that remotely exploitable vulnerabilities in your libraries (ie. yacscom.dll) are taken serious and fixes are pushed out immediately upon awareness of such issues. I don’t, however, see why such issues are taken seriously by Yahoo! but cleaning up your chat network from booters, cracking, voice lagging and spam are “afterthoughts”. You have kids, day in and day out, going around freezing up entire rooms of voice chatters and booting them off your network.. treating them like they’re yo-yos until they just lose hope and stay off Yahoo! Chat until the attacks cease. I find it completely unacceptable that these problems have existed for so long (YEARS) and the root of the problems haven’t been addressed. As far as I’m concerned, in order of priority, denial-of-service issues should be fixed first and then the serious spam-related problems next.

    Since programs such as Chet Simpson’s Y!TunnelPro and my program (YTK Pro) already address both issues and resolve them (to an extent) the denial-of-service issues can wait until after the spam issues are rectified. At this point in time the chat network performance is out the window and is so poor that even die-hard chatters completely obsessed with Yahoo! chat are turning away. I think that having to wait (stall or whatever..) until the middle of May is pretty pathetic. We’re talking another month and a week up until this date and it’s already been going on hardcore for many months now (less or worse each day and fluxuating).

    Your help pages support for Yahoo! Messenger 6.0 (uses YMSG12) was recently dropped and even more recently help page support for Messenger 7.0/7.02/7.5 (uses YMSG13/YMSG14) has been thrown out too. What exactly is keeping you guys (@ Yahoo!) from scrapping login support for YMSG14 and below? Interoperability is only possible with your newer protocol version YMSG15 and this login hasn’t been “cracked” yet so rationally considering a forced upgrade for everybody to use Messenger v8.0+ would be a move that would not only promote your IM service provider interoperability support more (WLM, LCS and Sametalk) but would also kill both birds with a single stone (conventional booters/booting & chat room spam). While the move wouldn’t totally remove these two hefty problems it would without a doubt be a noticeable and very welcomed change. What’s the hold up?

    Comment by Adam [Torseq Technologies] — April 7, 2007 #

  28. Ok they say they know there is a problem with logging into chat and they are going to have it fixed by May 14th. Well I keep sending it that I have a ID that I can’t log into chat and its been that way for a year.They keep sending me a email saying they know about the problem and are working on it. So who here belives they will have this problem fixed by May 14th?

    Comment by OWP — April 9, 2007 #

  29. Not I. It’s been wrong too long.

    Comment by Chuffed — April 12, 2007 #

  30. signing in to chat took longer than expected

    whats realy reson…

    Comment by chetan — April 13, 2007 #

  31. UGH i hate the update it has changed the look of my buddylist now i dont who tha hell is online unless i put my cursor over there name!!!! I want it to look the old way again can anyone help. THIS SUCKS!!!

    Comment by Kookie — April 13, 2007 #

  32. glad iread this before i put in the update it doesn’t sound fixed to me if part of it is to be resolved in may ive just been staying off messenger due to the security problems now im thinking about taking it out completely and installing aim (the aol free im)or perhaps trillian either one may be a better choice

    Comment by astrospacerich — April 14, 2007 #

  33. I thought the latest security update worked okay. I found it easy to install.

    Comment by Carla — April 16, 2007 #

  34. in the IM window there are links which appear by themselves, like “Your buddy has sent you a cool Emoticon, to get it click http://www.smileyhub.com/s.asp?im=Yahoo&ref=3&ses=47244583&rsn=2&cont=%5c@TCBE(2009a)(0)%5c@TCEE“. Nobody sends them but they appear as if somebody wrote them. Could you please stop it? Is it a virus?

    Comment by katia22t — April 16, 2007 #

  35. Hi katia22t,

    No, not a virus but sounds like IM spam (aka spim). If you get it again, click the “Ignore” button in the IM window and when the confirmation window appears, click the box next to “Report as Spam”. Thanks,

    Sarah Bacon

    Comment by Administrator — April 16, 2007 #

  36. Does anyone know when the final version of Yahoo Messenger for Mac OSX (aka version 3.0) will be released? It’s in beta for many months now and it’s not stable.

    I’m still using v2.5.3 which is also unstable but much better than 3.0.

    Comment by B Ram — April 17, 2007 #

  37. I’ve been trying to log into chat for about a week now and keep getting that “Signing into Chat took longer than expected” message. It’s getting to the point where I’ll just use IM to talk to friends and relatives at this point.

    On May 14 it’ll be resolved? I think my odds of hitting the Lottery are better than that happening

    Comment by Scott — April 17, 2007 #

  38. Ok they say they know there is a problem with logging into chat and they are going to have it fixed by April 18th. Well I keep sending it that I have a ID that I can’t log into chat and its been that way for a year.They keep sending me a email saying they know about the problem and are working on it. So who here belives they will have this problem fixed by April 18th?

    Comment by faraz — April 18, 2007 #

  39. Guys, stop complaining, everything is going to be OK. Getting booted? Annoyed by the bots? Download Anti Boots or use Y!aheLite Y!tunnel, or just boot back Ignore the bots, thats all!

    Comment by SkVantx — May 8, 2007 #

  40. Well…just to let most of you know….being booted by other users is more than likely gonna decrease. I am a booter myself, i admit it…if yahoo wants to ban me using this thats cool. I was on my way to producing my own chat client built off of a booter i had programmed, however; in the days of me programming this yahoo’s new protocol 15 seems to have effectively stopped me from using anything. Ids still log on but joining a room or sending even a pm packet is impossible….until the ymsg15 protocol is “cracked” i am sure it is gonna remain this way.

    Comment by bloode — June 10, 2007 #

  41. Ok I downloaded that stupid security patch and now my webcam will not connect. Any ideas?

    Comment by Pam — June 23, 2007 #

  42. The problem with the Yahoo chat can easily be solved!!
    It is just a missing DLL.
    Here you con download it.
    http://www.afreedll.com/dll/info/yacscom_dll.html
    Download it and copy into your System32 folder.

    It took me about 3weeks to solve this problem on my computer and it was only luck to find a link which helped me solving the problem.

    I hope I can help some peolple with this link
    If it helped someone fell free to contact me in Yahoo :
    downunder35m

    Comment by Downunder — July 4, 2007 #

  43. I quote Adam where he says YMSG15 protocol hasnt been cracked yet

    I make this statement right here, right now that I have YMSG15 login. Not cracked? Guess again.

    Comment by guesswho — October 5, 2007 #

  44. Seriousely… What about us Linux users? We have no chat capabilitys what so ever. Sarah I think after all these years of no new linux releases It may be time for an updated “rpm” that atleast gives us basic chatroom opts even if it doesnt give us voice instead of hating on the Novell company and killing every new unix based client that comes out giving us what you do not.

    Comment by Robert Frayer — November 21, 2007 #

  45. and adam why in the hell would you even want her to solve that problem it will put ytk and tunnel out of bussinus

    Comment by Robert Frayer — November 21, 2007 #

  46. i need smileyhub for my messenger7 9.Obeta can you help me

    Comment by SUSAN — June 21, 2008 #

  47. hello

    Comment by onlinedidar — July 12, 2008 #

Post a comment

Disclaimer and Reminder. The opinions expressed here are not necessarily the opinions of Yahoo! and we assume no responsibility for such content. Yahoo! may, in our sole discretion, remove comments that are off topic, inappropriate or otherwise violate our Terms of Service. Please do not post any private information unless you want it to be available publicly and never assume that you are completely anonymous and cannot be identified by your comments.