About the August 1, 2007 Widgets Security Updates
What Yahoo! Widgets are affected?
Do I need to update these Yahoo! Widgets to the new versions?
Yes, if you have installed a version of any of these Yahoo! Widgets obtained before August 1, 2007 on a Windows PC or Apple Macintosh.
How do I get the Security Update?
You can download the latest versions of these Widgets from the links above or from http://widgets.yahoo.com/gallery.
What is the security issue?
Yahoo! recently learned of a security issue, commonly referred to as a code injection vulnerability, in several Yahoo! Widgets. Some of these Widgets are part of the bundle downloaded with Yahoo! Widgets, and all of them have been available in the Yahoo! Widget Gallery.
How did Yahoo! learn of this?
Yahoo! has relationships with third-party security organizations and researchers. Aviv Raff from Finjan's Malicious Code Research Center informed Yahoo! of this particular issue.
What is the potential impact?
Some impacts of a code injection vulnerability might include the execution of arbitrary code and corruption or deletion of files on the system. For this specific security issue, these impacts could only be possible if an attacker is successful in gaining control of someone's network and intercepting communications with Yahoo! servers.
Who is affected?
Users of the affected Yahoo! Widgets who have their networks compromised while running one of these Widgets. If your computer has installed any of these Yahoo! Widgets before August 1, 2007, you should install the updates.
Why do I have to install the updates?
Installing the updates helps protect against exploits of this issue that may be developed.
How long will it take?
Each update should take only a few seconds, although the exact time depends on the speed of your Internet connection.
What if I don't install the update?
Over the next several weeks, users worldwide will be prompted to update to new versions of these Yahoo! Widgets upon launching the individual Widgets. If you choose not to update and you have not updated at http://widgets.yahoo.com/gallery, the affected Widgets will no longer run on your system after August 15, 2007.
Why has one of my Yahoo! Widgets been disabled for security reasons?
Versions of the above Widgets vulnerable to this security issue that were downloaded before August 1, 2007 will not run after August 15, 2007. Please see this article for more details on disabled Widgets.