Jun 2008
YTK Pro v 1.5 Beta Build 474 released!
24/06/08 09:52 PM Filed in: Program News
Release Notes:
- Fixed a potential boot issue with forged Yahoo! Mobile Add Buddy Rejections. These rejection packets are now blocked inside YTK Pro.
A Denial of Service Exploit is going around
22/06/08 04:26 PM Filed in: Security
Developers at Torseq Technologies have discovered 2 vulnerabilities in the Yahoo Messenger Protocol in the form of a malformed “Add Buddy” packet. As it stands, the vulnerabilities require a patch from Yahoo! in order to block the attacks.
Symptoms include the inability to complete the login process, i.e. a looping disconnect, which eventually leads to the victim's account being locked.
Support Staff have published 2 workarounds to end the loop using a series of easy-to-perform steps: one without YTK Pro, the other using YTK Pro’s Protocol reversion.
Without YTK Pro
- Log the affected ID into http://mm.yahoo.com
- Log into the WAP Messenger
- Click on the green link consisting of notifications.
- Deny the add buddy request. (If there's more than one exploit buddy request, click on Home and then click on any new notifications and deny any other buddy requests).
- Sign back into Messenger.
With YTK Pro (works with Yahoo Messenger Builds 7.0.0.242 - 8.1.0.421)
- Open YTK Pro + Yahoo! Messenger
- Sign in on the affected ID
- Hit Cancel before the Sign In occurs or simply Sign Out but do not close Yahoo! Messenger
- Open the "YTK Control Panel"
- Under Anti-Boot put a check mark in "Enable YMSG Protocol Reversion Messenger" and select YMSG version "12"
- Under Advanced Options make sure the "YMSG Server Selector" is set to "Let Messenger Choose"
- After Sign In is successful without a disconnection, sign out of Yahoo! Messenger, go to the YTK Control Panel, Anti-Boot, and uncheck "Enable YMSG Protocol Reversion Messenger should connect and use YMSG version".
--
We had already reported the vulnerabilities to Yahoo, but after numerous failed attempts to contact them we have decided to go public with this. Finally, we’ve taken other steps to get a vendor patch as soon as possible, such as reporting the vulnerabilities to security websites such as BugTraq.
Full write up here.
We will attempt to keep you as up to date as possible in our support forum.
YTK Pro v 1.5 Beta Build 470 released!
17/06/08 09:51 PM Filed in: Program News
Release Notes:
- Webcam Presence Verification bug fixes
- New Icons
YTK Pro v 1.5 Beta Build 460 released!
12/06/08 10:23 AM Filed in: Program News
Release Notes:
- Added a brand new (and quite remarkable as it's the first to ever be done) feature called Webcam Presence Verification Scanning. This feature in itself will eliminate most of the "porn bots" in Yahoo! Chat rooms and requires very little bandwidth. This feature can be found in YTK Pro's control panel under User Scanning.
- Added support for the newest build of Messenger's permanent ignore feature. You can now "Ignore" users from the Blocked Message Archive (YTK Pro's Blocked but Saved Messages) and it'll add users to the Global Ignore Bin correctly.
YTK Pro v 1.5 Beta Build 454 released!
06/06/08 07:49 PM Filed in: Program News
Release notes:
- Compatibility added for chat server changes. Full notes available in the Support Forum Announcements.
YTK Pro v 1.5 Beta Build 452 released!
02/06/08 11:14 PM Filed in: Program News
Release Notes:
- YTK Pro build 1.5.452 adds full compatibility with Yahoo! Messenger v9.0 beta build 1389
