Security

Haven't updated your Adobe PDF software lately? Here's 85 new reasons to do it now

Acrobat, Reader get patched up against dozens of new holes


Adobe has posted an update to address 85 CVE-listed security vulnerabilities in Acrobat and Reader for both Windows and macOS.

The PDF apps have received a major update that includes dozens of fixes for flaws that would allow for remote code execution attacks if exploited. Other possible attacks include elevation of privilege flaws and information disclosure vulnerabilities.

Fortunately, Adobe said that none of the bugs was known to be exploited in the wild at the time of the release - yet.

For Mac and Windows Acrobat/Reader DC users, the fixes are present in version 2019.008.20071. For those using the older Acrobat and Reader 2017 versions, the fixed release is labeled 2017.011.30105.

Because PDF readers have become such a popular target for email and web-based malware attacks, users and admins alike would do well to test and install the updates as soon as possible. Exploit-laden PDFs have for more than a decade proven to be one of the most reliable ways to put malware on someone's machine.

In total, Adobe credited 19 different researchers with discovering and reporting the vulnerabilities. Among the more prolific bug hunters were Omri Herscovici of CheckPoint Software, who was credited with finding and reporting 35 CVE-listed bugs, and Ke Liu of Tencent Security Xuanwu Lab, who was credited with finding 11 of the patched Adobe vulnerabilities. Beihang University's Lin Wang was given credit for nine vulnerabilities.

While we're on the subject of massive security updates, both users and admins will want to mark their calendars for a week from Tuesday. October 9 is slated to be this month's edition of the scheduled 'Patch Tuesday' monthly security update.

In addition to the normally hefty Microsoft load of fixes for vulnerabilities in Windows, Edge, Internet Explorer, and Office, the Patch Tuesday dump also usually includes a number of fixes from Adobe for products like Flash Player. ®
