As mentioned in the last blog, we fixed 4 vulnerabilities in Trillian 3.1 with our new 220.127.116.11 release. The links to the specific advisories are below:
- ZDI-CAN-169: Trillian Pro Rendezvous XMPP HTML Decoding Heap Corruption Vulnerability
- iDefense: Trillian Multiple IRC Vulnerabilities
All of these vulnerabilities have been addressed in version 18.104.22.168 and we encourage everyone to upgrade to the latest version. We will be rolling out an auto-update for our existing customers shortly.
Special thanks to both the ZDI and iDefense teams for their assistance in reporting and resolving these issues; we’ve worked with a handful of vulnerability research firms in the past, and I can happily say that these folks are both top-notch researchers and extremely professional. We look forward to continuing our relationship with them both to ensure we bring you the most secure and error-free software possible!