
Haven't updated your Adobe PDF software lately? Here's 85 new reasons to do it now

Acrobat, Reader get patched up against dozens of new holes


Adobe has posted an update to address 85 CVE-listed security vulnerabilities in Acrobat and Reader for both Windows and macOS.

The PDF apps have received a major update that includes dozens of fixes for flaws that would allow remote code execution if exploited. Other fixes address elevation of privilege and information disclosure vulnerabilities.

Fortunately, Adobe said that none of the bugs was currently being targeted in the wild - yet.


For Mac and Windows Acrobat/Reader DC users, the fixes will be present in version 2019.008.20071. For those using the older Acrobat and Reader 2017 versions, the fix will be labeled 2017.011.30105.

Because PDF readers have become such a popular target for email and web-based malware attacks, users and admins alike would do well to test and install the updates as soon as possible. Exploit-laden PDFs have for more than a decade proven to be one of the most reliable ways to put malware on someone's machine.
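For admins triaging a fleet, the fixed builds named above can be turned into a simple inventory check. The following is an added example, not code from Adobe or the article: the inventory row format, host names and sample installed versions are constructed, and the handling of two-digit year strings is an assumption about how some inventory tools report the version.

```python
import re

# Fixed builds as stated in the article, keyed by product line.
FIXED_BUILDS = {
    "DC": "2019.008.20071",
    "2017": "2017.011.30105",
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)$")


def parse_version(text):
    """Turn 'YYYY.NNN.BBBBB' into a tuple of ints; raise on anything else."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    year, minor, build = (int(p) for p in m.groups())
    # Assumption: some inventory sources report a two-digit year
    # ('19.008.20071'); normalise so both forms compare equally.
    if year < 100:
        year += 2000
    return (year, minor, build)


def classify(product_line, installed):
    """Return 'patched', 'needs-update' or 'unknown' for one install."""
    fixed = FIXED_BUILDS.get(product_line)
    if fixed is None:
        return "unknown"  # the article gives no fixed build for this line
    try:
        have = parse_version(installed)
    except ValueError:
        return "unknown"  # malformed inventory data; check the host by hand
    return "patched" if have >= parse_version(fixed) else "needs-update"


# Constructed inventory rows: (host, product line, installed version).
SAMPLE_INVENTORY = [
    ("ws-001", "DC", "2019.008.20071"),
    ("ws-002", "DC", "18.011.20063"),
    ("ws-003", "2017", "2017.011.30102"),
    ("mac-01", "2017", "17.011.30105"),
    ("ws-004", "DC", "not installed"),
]


def audit(rows):
    """Map each host to its patch status."""
    return {host: classify(line, ver) for host, line, ver in rows}


if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` are the ones to inspect manually, since the check cannot tell whether they are on a product line with a fixed build.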

In total, Adobe credited 19 different researchers with discovering and reporting the vulnerabilities. Among the more prolific bug hunters were Omri Herscovici of Check Point Software, who was credited for finding and reporting 35 CVE-listed bugs, and Ke Liu of Tencent Security Xuanwu Lab, who was credited with finding 11 of the patched Adobe vulnerabilities. Beihang University's Lin Wang was given credit for nine vulnerabilities.

While we're on the subject of massive security updates, both users and admins will want to mark their calendars for a week from Tuesday. October 9 is slated to be this month's edition of the scheduled 'Patch Tuesday' monthly security update.

In addition to the normally hefty Microsoft load of fixes for vulnerabilities in Windows, Edge, Internet Explorer, and Office, the Patch Tuesday dump also usually includes a number of fixes from Adobe for products like Flash Player. ®
