A security hole in widely used versions of AOL's instant-messaging program could let a crook grab control of a victim's computer, according to a security firm that says AOL's steps to repair the problem don't go far enough.
Core Security Technologies says it notified AOL LLC, part of Time Warner Inc., about the programming flaw in late August, and AOL contends the problem has been fixed. But Core Security's Chief Technology Officer Ivan Arce said the solution should be considered temporary because of the underlying design of AOL's market-leading Instant Messenger service, better known as AIM.
"I would say this is critical, this is very serious," Arce said. It's unclear whether the hole has been exploited.