Trillian "critical" patch released

Yesterday, Cerulean Studios, the maker of the multi-protocol chat software Trillian, issued a "critical" patch for Trillian 3.1.5.1, earlier versions of the software are also vulnerable to the attack. This vulnerability is in the character encoding in Trillian, mainly in the the word-wrapping handling of UTF-8, which is the Unicode Transformation Format used for encoding characters in e-mail, instant messages and Web pages. If an attacker takes advantage of this vulnerability, the attacker could then potentially launch a buffer overflow which would allow them to, remotely gain control of a user's system. The vulnerability can be exploited if the user views a malicious message which contains an unusually long UTF-8 string. The patch released on Monday updates Trillian to version 3.1.6.0, so make sure you update to fix the security flaws. To Learn more visit C|NET's News.com for a more detailed article.

If you aren't familiar with Trillian, from Cerulean Studios, it's a multi-protocol chat client. It enables users to use their Yahoo's Instant Messenger, AOL's AIM, MSN Messenger, IRC, and ICQ accounts all in one client. Which makes signing-in to multiple IM accounts very simple and convenient, ridding the user of launching all the various clients. I've used it for quite a while and I recommend it, if you want to give it a try visit their site for the download.
[via C|NET's News.com]