• PC World
• » Security

Two days after the announcement of a serious security hole in its popular Instant Messenger program, America Online said on Thursday that it has fixed the problem.

The flaw could have allowed attackers to use the shared game-invitation feature of AOL Instant Messenger to attack and run code on target systems running AIM.

The problem was fixed when AOL made changes to its servers early Thursday, says Andrew Weinstein, a spokesperson with AOL. Because the problem was fixed on AOL's servers, AIM users do not need to make any changes to their software or download any patches to be protected, he says.

AOL is not aware of any users being affected by the problem, he adds.

The security problem was announced on the Internet on January 1 by security group w00w00. Common practice in the security-hole research field is that programmers who discover a hole notify the company whose product has the problem before releasing the information, often giving the company time to develop a fix for the problem.

Though w00w00 has said that it notified AOL via e-mail prior to releasing its data, Weinstein says that the "information didn't reach the appropriate people within the organization."

Weinstein also urges programmers to get in touch with vendors about security holes before releasing information on the problems.

• See more like this:
• AOL,
• AIM,
• instant messaging,
• messenger,
• security,
• flaw,
• hole,
• malicious code,
• hacker