Articles about Adobe

Google's Project Zero reveals another Microsoft flaw

Google's Project Zero has revealed a bug in Microsoft's Internet Explorer and Edge browsers. First turned up on November 25, the bug offers evildoers a technique that would let a malicious web site crash a visitor's browser as the main course, with code execution as the dessert. Detailed here, the bug works by attacking a …

Microsoft catches up to Valentine's Day Flash flaw massacre

Microsoft's popped out a Security Update for Adobe Flash. Adobe did likewise last week, celebrating hackers' love for Flash by releasing it on Valentine's Day. That dump addressed no fewer than 13 CVEs that allowed code execution due to: type confusion vulnerability, integer overflow vulnerability, use-after-free …
Simon Sharwood, 23 Feb 2017

Microsoft ups Surface slab prices for Brits. Darn weak pound, eh?

Microsoft has increased hardware prices in the UK for a second time this year, citing the decreased value of the weaker sterling currency when repatriated as dollars. Its top-of-the-line Surface Book will today set users back a whopping £3,049, £400 more than it would have cost if purchased yesterday. Price increases across …

Apple: Don't panic, but your Mac can be pwned via GarageBand .bands

Apple says a newly patched hole in its GarageBand music tool could allow for remote code execution on the Mac. The GarageBand 10.1.6 update is being pushed out to all Macs running OS X Yosemite and later. Because GarageBand is installed by default on OS X systems, all Mac owners should install the patch, but those who …
Shaun Nichols, 14 Feb 2017

Roses are red, bugs make you blue, Patch Tuesday is late, because Microsoft loves you

IT admins hoping to get out of the office early for Valentine's Day have received some potentially welcome or heartbreaking news from Microsoft, depending on how they're set up. The Windows slinger says it will hold back its usual monthly release of software security patches while it irons out some last-minute problems with …
Shaun Nichols, 14 Feb 2017

WTF is up with the W3C, DRM and security bods threatened – we explain

Analysis: A lengthy battle over the inclusion of digital rights management as a Web standard is coming to a head, with a set of new guidelines planned for early March. Those guidelines will include the latest attempt at compromise between pragmatists and idealists over how to allow control of content online without undermining the …
Kieren McCarthy, 13 Feb 2017

Macs don't get viruses? Hahaha, ha... seriously though, that Word doc could be malware

Hackers are menacing Apple Mac users with Word documents laced with malicious macros that install malware. Security researchers spotted a rash of poisonous files doing the rounds earlier this week, one of which was titled "U.S. Allies and Rivals Digest Trump's Victory – Carnegie Endowment for International Peace.docm." Apple …
John Leyden, 09 Feb 2017

Windows 10: What is it good for? Microsoft pitches to devs ahead of Creators Update

Microsoft briefed developers on the updates to the Windows 10 platform at an online Developer Day in preparation for the Creators Update, set for release later this year. The Windows 10 story is long and complex. In 2012 Microsoft released Windows 8, intended to bring the operating system into the mobile era, where apps are …
Tim Anderson, 09 Feb 2017

Elon Musk joins anti-Trump legal brief

Updated: Entrepreneur Elon Musk has joined the Big Tech battle against Donald Trump's immigration ban by signing up his companies to the amicus brief filed against it. On Monday, 97 tech companies including Apple, Microsoft, Google and Facebook filed in a San Francisco court against the ban, calling the crackdown illegal and arguing …
Kieren McCarthy, 07 Feb 2017

Javapocalypse soon! Oracle warns devs to bin plugins, fast

Oracle's warned developers who still expect browsers to run code developed for Java plugins to get busy finding an alternative. The developers behind all major browsers have decided the NPAPI framework invented last millennium by Netscape has had its day, because there are now better ways to do multimedia and other fun stuff …
Simon Sharwood, 06 Feb 2017

Brexploitation? Adobe gets creative with price hikes

Adobe, the developer of overpriced software for creative types, is just about to get a whole lot more expensive in the UK with steep rises set to be introduced from next month. The flash monkey is the latest firm to blame a slump in the value of the Great British Pound for hikes on product, with the ranges understood to be …
Paul Kunert, 03 Feb 2017

Disney shells out $100m in digital animator wage-fixing lawsuit

VFX workers who created animations for Pixar and Disney movies have won $100m in an out-of-court settlement of a wage-fixing lawsuit. The case not only closely parallels Silicon Valley's own wage-fixing cartel, in which Pixar and Apple founder Steve Jobs was described in court as a "ringleader", but the same judge also signed …
Andrew Orlowski, 02 Feb 2017

Trump's visa plan leaks: American techies first

Analysis: President Trump's immigration reforms are set to open a divide between Silicon Valley bosses and their technology workers – much as Brexit did. Unlike many of Trump's policies, this one will find favour with Congress and strike a chord with American technology and engineering graduates, who have seen wages stagnate as Big Tech …
Andrew Orlowski, 31 Jan 2017

Bookish hacker finds holes in Amazon, Apple, Google epub services

Bug hunter Craig Arendt has reported vulnerabilities in major eBook readers including those from Apple, Google, and Amazon. The similar but separate XML external entity (XXE) flaws also impact all online epub ebook services that use the popular epubcheck library that ensures good format conversions into the universal epub book …
Darren Pauli, 27 Jan 2017

Uber pays hacker US$9,000 for partner firm's bug

Russian penetration tester Vladimir Ivanov has reported a bug in anti-ransomware backup service Code42 that could have seen attackers pilfer data from the likes of Uber, Lockheed Martin, and Adobe. Ivanov, of SCADA hack house Positive Technologies, reported the since-patched XML external entity vulnerability to Uber, which …
Darren Pauli, 27 Jan 2017

Adobe's naughty Chrome telemetry code had XSS problem

Adobe's pushed out a fix for its already-controversial Chrome telemetry extension after Project Zero's Tavis Ormandy found an egregious bug. The update that shipped last week pushed the extension to Chrome users. It was presented as a convenience update that let people print Web pages to PDF, and use Reader instead of Chrome's …

It's now 2017, and your Windows PC can still be pwned by a Word file

Microsoft has begun its 2017 with the release of four updates to address security holes in Windows and Office, while Adobe has posted fixes for more than three dozen vulnerabilities in Flash and Reader. Microsoft's January patch load includes: MS17-001, a fix for the Edge browser to address a flaw that would let a malicious …
Shaun Nichols, 10 Jan 2017

Android tops 2016 vuln list, with 523 bugs

Of any single product, CVE Details reckons, Android had the most reported vulnerabilities in 2016 – but as a vendor, Adobe still tops the list. The analysis is limited by the fact that only vulnerabilities passing through Mitre's Common Vulnerabilities and Exposures (CVE) database are counted. That's a statistically worthwhile …

Bad news, fandroids: Mobile banking malware now encrypts files

Cybercrooks have outfitted ransomware functionality onto an already dangerous mobile banking Trojan. The modified Faketoken can steal credentials from more than 2,000 Android financial applications, security researchers at Kaspersky Lab warn. Based on telemetry, Kaspersky Lab estimates that Faketoken has claimed over 16,000 …
John Leyden, 20 Dec 2016

Oi! Linux users! Want some really insecure closed-source software?

Back in August Adobe reversed its decision to stop offering an NPAPI Flash plugin for Linux and promised that version 23 would come Penguinistas' way real soon now. At the time the decision was greeted with surprise, because Adobe had not thought to update Flash for Linux since 2012's version 11.2. But the company decided that …
Simon Sharwood, 20 Dec 2016

Microsoft's Edge to flush Adobe Flash in Windows 10 Creator’s Update

Microsoft's signalled it will join the crackdown on Adobe Flash in the forthcoming Windows 10 Creator’s Update, which won't even bother loading the pesky plug-in whenever possible. For sites that rely on Adobe's hellspawn, Edge will go all Clippy on users and ask if they really want to run it or would rather fire it into the …
Simon Sharwood, 15 Dec 2016

Flaws fixed in SAP's police and military software

Three of the 31 patches pushed out by SAP on Tuesday tackle flaws in the ERP giant’s technology for Defense Forces & Public Security. In particular, SAP's Defense Forces & Public Security and SAP Mobile Defense & Security components are susceptible to a missing authorisation check vulnerability. “This issue potentially allows …
John Leyden, 14 Dec 2016

Reschedule the holiday party, Patch Tuesday is here and it's a big one

Security patches for Windows, macOS, iOS and other Apple firmware, and a host of Adobe products, were emitted this week. The final scheduled patch dump of the year sees Microsoft deliver fixes for multiple products, while Apple has security updates for iOS, macOS, Safari, and iTunes, and Adobe patches nine products including …
Shaun Nichols, 14 Dec 2016

Need Xmas ideas? Try CVE-2015-7645, a Flash gift that keeps on giving

A Flash vulnerability subject to emergency patching by Adobe has been used in all major exploit kits to compromise users not already updated. The vulnerability (CVE-2015-7645) patched in October last year was the first zero day since Adobe implemented more hardened security. It was also the most pervasive among the …
Darren Pauli, 08 Dec 2016

Masterful malvertisers pwn Channel 9, Sky, MSN in stealth attacks

A two-year long, highly sophisticated malvertising campaign infected visitors to some of the most popular news sites in the UK, Australia, and Canada including Channel 9, Sky News, and MSN. Readers of those news sites, just a portion of all affected (since it also affected eBay's UK portal), were infected with modular trojans …
Darren Pauli, 08 Dec 2016

Crims turn to phishing-as-a-service to slash costs and max profits

Prefab phishing campaigns cost less to run and are twice as profitable as traditional phishing attacks, according to a new study by security vendor Imperva. Cybercriminals are lowering the cost and increasing the effectiveness of email phishing by buying complete packages of compromised servers and all the other components …
John Leyden, 07 Dec 2016

1.4bn records from HaveIBeenPwned offered for your analytical pleasure

Security researcher Troy Hunt had better hope his anonymisation works: he's decided to offer up most of his “HaveIBeenPwned” data set for other security researchers to analyse. He's deduped his nearly two-billion record dataset – there's a lot of pwnage in the world, people – down to a domain-based 135-megabyte text file that …

PayPal proffers patch for OAuth app hack hole

PayPal has patched a phishing vulnerability that could allow attackers to steal any OAuth token for its payment apps and gain access to accounts. Adobe software engineer and OAuth wonk Antonio Sanso discovered the token request flaw after messing with redirect URLs. He found PayPal's authorisation server set up to handle OAuth …
Team Register, 30 Nov 2016

Not fake news: Facebook reinvents SVG

Thanks to Facebook, you too can festoon your mobile applications with high-quality, low-overhead vector animations. The social media and data-harvesting giant on Tuesday released its Keyframes library for exporting Adobe After Effects animations so they can be rendered in Android and iOS apps. Facebook developed Keyframes for …
Thomas Claburn, 23 Nov 2016

Antivirus tools are a useless box-ticking exercise says Google security chap

Kiwicon: Google senior security engineer Darren Bilby has asked fellow hackers to expend less effort on tools like antivirus and intrusion detection to instead research more meaningful defences such as whitelisting applications. The incident responder from Google's Sydney office, who is charged with researching very advanced attacks …
Darren Pauli, 17 Nov 2016

Adobe fined a whole million dollars for 2013 mega-breach

Fifteen of the United States of America have flogged Adobe with warm, wet, lettuce for its 2013 mega-breach that saw 38 million credentials leaked. North Carolina attorney general Roy Cooper says his State, plus 14 others*, have agreed that Adobe should hand over one million US dollars to compensate the 552,000 punters whose …
Simon Sharwood, 16 Nov 2016

Google Pixel pwned in 60 seconds

Power of Community: The Google Pixel fell to a team of Chinese hackers alongside Apple Safari and Adobe Flash at the PwnFest hacking competition in Seoul on Friday. Mountain View's latest offering was smashed by white-hat friendlies from Qihoo 360, who used an undisclosed vulnerability to gain remote code execution for a $120,000 cash prize. The …
Darren Pauli, 11 Nov 2016

Hackers cook god-mode remote exploits against Edge, VMware in world-first

Power of Community: Hackers have twice completely compromised Microsoft Edge operating on Windows 10 Red Stone 1 and for the first time twice broken VMware Workstation without user interaction. The bugs landed via SYSTEM-level remote code execution while the second VMware hacks could also be performed remotely. The four hacks were demonstrated …
Darren Pauli, 10 Nov 2016

What's that, Adobe? A Photoshop for faking voices?

Recorded voice evidence will never quite be the same again. It might not even be "evidence". Last week, Adobe demonstrated a voice manipulation package called VoCo – a research project, and not (yet) a product, it says. Described as a "Photoshop for voiceovers", VoCo is actually quite brilliant. Given a speaking sample of …
Andrew Orlowski, 09 Nov 2016

Adobe Australia drops SaaS tax dodge

The world's ongoing efforts to get multinational technology companies paying and collecting the proper amount of tax has claimed another win, with Adobe advising it will add Australia's Goods and Services Tax (GST - think VAT, British readers and sales tax in North America) to the cost of its Creative Cloud. Australia charges …
Simon Sharwood, 09 Nov 2016

The big day is here and it's time to decide: Patch Flash, Windows, Office or Android first?

Today is the second Tuesday of the month, and that means a fresh round of security updates from the likes of Microsoft, Adobe and Google. The November edition of Patch Tuesday brings with it fixes for Windows, Flash Player, Internet Explorer, Edge, Office and Android. For Microsoft, the monthly update comprises a total of 14 …
Shaun Nichols, 08 Nov 2016

Amazon pitches 'safe and responsible' AWS at suits

Sandwiched between its third-quarter results and re:Invent conference, Amazon's been pitching AWS as production-ready. Amazon wheeled out a host of corporate big names and government super-users to testify to AWS's suitability beyond pure dev and test at a London event on Tuesday. AWS chiefs sought to reassure the suits of …
Gavin Clarke, 08 Nov 2016

Bow to your Sensei! Adobe adds machine learning and design tool to Creative Cloud

Adobe MAX: Adobe has announced a series of updates to its Creative Cloud offering at its MAX event under way in San Diego. What Adobe calls Creative Cloud has always in fact been a hybrid product, with large desktop applications like Photoshop, Illustrator, InDesign and Premiere Pro forming the main part of its value. Now the company is …
Tim Anderson, 02 Nov 2016

HyperStore gets Coldline for tired old objects

Cloudian is integrating its HyperStore object storage with Google's Coldline archive in the cloud. Google's cloud archive becomes a place for low-access rate objects that can't be deleted, while higher access rate objects remain in Cloudian's on-premises object store. The resulting two-tier object store is managed as a single …
Chris Mellor, 02 Nov 2016

England expects... you to patch your apps and not just Windows

Brits are getting better at patching Windows on their personal computers but worse at updating their applications, according to a new study. Stats from vulnerability management outfit Secunia Research reveal that 6.4 per cent of UK users had unpatched Windows operating systems in Q3 of 2016, up from 5.4 per cent in Q2 but down …
John Leyden, 02 Nov 2016

Microsoft flips Google the bird after Windows kernel bug blurt

Microsoft has not responded well to Google's bug grenade, accusing the ad giant of screwing over netizens and getting its facts wrong. "We believe in coordinated vulnerability disclosure, and today's disclosure by Google puts customers at potential risk," Microsoft said in a statement. It then disputed Google's claims about …
Kieren McCarthy, 01 Nov 2016

Google drops a zero-day on Microsoft: Web giant goes public with bug exploited by hackers

Google has slung a grenade at Microsoft by disclosing a Windows vulnerability before Redmond has a patch ready. The bug can be exploited by malware on a machine to gain administrator-level access. According to this blog post by Neel Mehta and Billy Leonard of the Chocolate Factory's Threat Analysis Group, the reason for going …

LaCie flings out super-glam desktop Bolter drive

Seagate’s LaCie unit has announced three Neil Poulton-designed Thunderbolt 3 desktop storage boxes, one being a flash drive moving data at up to 2.8GB/sec. LaCie is announcing: Bolt3 combining Thunderbolt 3 speed and M.2 PCIe SSDs to create the world’s fastest desktop drive, 12big Thunderbolt 3 with up to 120TB of Seagate …
Chris Mellor, 31 Oct 2016

Adobe emits emergency patch for Flash hole malware is exploiting right this minute

Adobe is advising folks to update Flash Player – as malware is right now exploiting a newly discovered hole in the internet's screen door to hijack Windows PCs. The emergency patch addresses a single vulnerability, CVE-2016-7855. The use-after-free() programming blunder allows an attacker to achieve remote code execution when …
Shaun Nichols, 26 Oct 2016

Benioff on being hacked: We're looking into some next-gen fax machines

Marc Benioff is many things. But a whiner is not one of them. Asked on stage today at the Intel Capital Global Summit about the hack of Salesforce board member Colin Powell and the resulting release of the company's highly confidential mergers and acquisition strategy, Benioff was surprisingly upbeat. "On one level, it was …
Kieren McCarthy, 26 Oct 2016

US DNC hackers blew through SIX zero-days vulns last year alone

Security researchers have shone fresh light on the allegedly Russian state-sponsored hacking crew blamed for ransacking the US Democratic National Committee's computers. Sednit – also known as APT28, Fancy Bear and Sofacy – has been operating since 2004. The cyber-mob has reportedly infiltrated machines operated by targets as …
John Leyden, 20 Oct 2016

Atlassian promises elastic pipelines and premium plan

Atlassian is trying to tempt enterprise developers to launch their precious source code onto the cloud by hauling its Bitbucket pipelines feature out of beta, and overhauling its pricing. Instead of only selling subs in blocks of 10, 25, 50 or 100, the company will charge per user. Its standard plan will cost $2 per user, per …
Joe Fay, 12 Oct 2016

Adobe on patch parade to march out 83 bugs

Adobe has patched 83 vulnerabilities in its Reader, Acrobat, and Flash offerings including remote code execution holes. The former apps soaked up 71 patches centred on use-after-free, memory corruption, and buffer overflow vulnerabilities that lead to code execution. A dozen remote code execution flaws are plugged in Flash …
Darren Pauli, 12 Oct 2016

Like it or not, here are ALL your October Microsoft patches

Microsoft is kicking off a controversial new security program this month by packaging all of its security updates into a single payload. The October security release introduces Redmond's new policy of bundling all security bulletins as one download. While more convenient for end users, who now get just one bundle, the move …
Shaun Nichols, 11 Oct 2016

Crooks and kids (not scary spies paid by govt overlords) are behind most breaches

Interview: Despite the hype about state-sponsored hackers, most breaches are actually the result of either criminal activity or "kids messing around", according to breach expert Troy Hunt. Hunt, operator of the breach notification service Have I Been Pwned, noted that many of the current spate of breach disclosures actually stem from …
John Leyden, 07 Oct 2016