The Register has reported a Yahoo! flaw that let an attacker take control of a user’s Yahoo! account by tricking the user into clicking on a malicious link.

Yahoo! has now fixed the flaw, which was related to cross-site scripting (XSS).

Once the user is tricked, the attacker can view the user’s address book, make instant messages, view recent searches, and change settings in the user’s account.

“Yahoo! takes security seriously and consistently employs measures to help protect our users,” said a Yahoo! spokesman.

“It’s incredibly powerful because it allows the attackers to do anything they want to any website that’s vulnerable,” said Robert Hansen, who is a researcher.

Source: The Register