The discovery of a trio of security bugs means that users of the popular Trillian instant messaging client need to update their software.

All three of the newly discovered bugs create a means for hackers to inject malware onto the PCs of surfers running vulnerable versions of the multi-protocol chat application from Cerulean Studios. The vulnerabilities involve flaws in how Trillian parses MSN protocol traffic, an error within XML parsing, and a third flaw involving the processing of messages with long (malformed) attribute values within the FONT tag can be exploited.

Users need to update to Trillian version 3.1.10.0, as described in an advisory by security notification firm Secunia here. ®

Related stories

• IM client library bug plagues Pidgin (21 August 2009)

  https://www.theregister.com/2009/08/21/im_client_security_update/

• The cordless phone is reborn for the IM era (10 January 2008)

  https://www.theregister.com/2008/01/10/vtech_ls6117_phone/

• Text bug blights Trillian (19 June 2007)

  https://www.theregister.com/2007/06/19/trillian_bug/

• Skype worm leaps onto MSN (24 May 2007)

  https://www.theregister.com/2007/05/24/skype_msn_worm/

• Yahoo! blocks! third-party! IM! (29 September 2003)

  https://www.theregister.com/2003/09/29/yahoo_blocks_thirdparty_im/