Adobe last week released a security update for a critical vulnerability in Adobe Flash, but according to security researcher Aviv Raff, installing the update could be cause for concern.
"If you did upgrade to the latest version of Flash from the Adobe website, you very likely have Adobe Download Manager installed," Raff points out.
So what's the big deal? Raff says there's an undisclosed flaw in the way Adobe's Download Manager works, which makes it possible for an "attacker [to] force an automatic download and installation of any executable he desires." In other words, those who download the update end up exposing themselves to a zero-day attack, Raff claims.
Adobe is apparently aware of the issue and is reportedly working with Raff to patch it up. The software maker also downplayed the security risk, saying "the user has to accept a number of prompts before being taken through the installation process," and therefore making it hard for a user to install unwanted and malicious software without their knowledge.
One of the bigger complaints with Apple's recently announced (and long hyped) iPad is that it doesn't support Flash, which some feel renders the $500+ tablet little more than a fashionable paperweight. That's not such a bad thing in Jobs' eyes, at least according to a report in Valleywag in which the feud between Apple and Adobe took a turn for the bitter.
As the story goes, Jobs shot down Adobe's Flash as little more than "a CPU hog" riddled with "security holes" and "old technology," so why bother including it in the iPad?
His alleged comments echo a similar sentiment shared during a shareholder meeting two years ago when Jobs explained why Flash wouldn't be integrated into the iPhone, saying the PC Flash version "performs too slow to be useful" and that Flash Lite "is not capable of being used with the Web."
Anyone think Apple and Adobe will eventually kiss and make up?
Today at Mobile World Congress Google showed off a new piece of software that may prevent untold thousands of cultural misunderstandings. The prototype software allows a user to upload a photo of text, and then translate it to a different language. In the demo, the application was used on a German menu where it correctly translated "Fruhlingssalat mit Wildkrautern" as "spring salad with wild herbs."
The app was running on an Android phone, but few details were released. It could be this is just some unreleased feature in Google Goggles. Google CEO Eric Schmidt played off the demo in his speech when he said the availability of cloud computing applications on phones would be a potent factor in the future of wireless technology.
The Google event also included a new look at Flash content working on the Android operating system. Between that and the image translation app, Google managed to work the Android fanboys into a frenzy. No word on release dates for either feature.
Adobe on Monday announced it has joined the LiMo foundation, an industry consortium "dedicated to creating the first truly open, hardware-independent" Linux OS for mobile devices.
The move will have Adobe bringing its Flash platform to the LiMo platform, enabling developers and content providers to create apps that can run on LiMo devices.
"Bringing the Flash platform to LiMo opens up a significant opportunity for Adobe to further its goals of open standards and multi-screen interoperability of rich mobile content," said David Wadhwani, general manger and vice president, Flash Platform Business at Adobe. "Following the goals of the Open Screen Project, the openness of Linux and the Flash platform represent a common vision to enable consumers to engage with rich Internet experiences seamlessly across any device, anywhere."
In addition to Adobe, the LiMo foundation said it also added ELSE Ltd. MobiTV, and SRS Labs to its ranks.
It's been nearly a week since I last reported about Apple's reluctance to allow its users access to the Flash platform. Apple--and Steve Jobs himself--have reportedly claimed that the instability of Flash was the driving factor behind Apple's ripping of this app straight off of its mobile devices (including the brand-new iPad) in favor of an HTML5-based solution for interactive content.
Although Adobe seemed to be letting Jobs' alleged tirade against Flash earlier this week go unanswered, ‘twas not meant to be. Adobe CTO Kevin Lynch has since responded in the company's official "Executive Perspectives" blog. I'm not much of a betting man (nightmares of CES losses haunt me to this day), but perhaps you are: Just which way do you think Lynch points the finger of blame for Flash's absence on--quote unquote--"a recent magical device."
By now, you've surely checked out Mark Soper's excellent guide for creating PDFs by using a multitude of applications, editing steps, and detail settings. If not, you owe it to yourself to give the article a scan so you're as well-versed as he when it comes to transforming ordinary files into these kinds of feature-packed super-documents.
As he correctly puts it, Adobe ain't the only game in town when you're trying to turn the contents of something you're looking at into this trusty, cross-platform format. Let's go one step further. Installed programs aren't the only way to create a PDF, period.
If you're on a new computer (or, for that matter, your boss's computer), you might not want to fire up the ol' Adobe installer just to be able to gain the right to transform your screen into a PDF. And sure, there are plenty of freeware opportunities out there that will allow you to print to a PDF. But that's still too many steps in the process. It's 4:59 on a Friday: You want to make a PDF, hit the power button on your PC, and be able to drink one-third of your "it's the weekend" celebratory iced tea before your monitor goes black. What are you going to do?
If the answer is "cry," then you have failed this exercise. But let it not be said that my heart is two sizes too small. For a little Web app exists--conveniently called PDFmyURL--that does exactly that. Provided the subject of your affection is a Web page of any size, shape, or extension... you will be able to transform it into a downloadable PDF as fast as you'll be able to finish reading the rest of this sentence.
You know Adobe's portable document format: PDF. It's everywhere, from downloadable documentation for a motherboard you need to tweak to press releases from the assemblyman from Lower Someplace, PDFs rule. Why? It's not hard to understand:
PDF files are supported by computers and mobile devices, including smartphones; comparable formats such as Microsoft's XPS don't enjoy nearly as wide a level of support
PDF files are cross-platform, enabling you to create a PDF on a PC and read it on any other device with PDF support
PDF documents can be optimized for web display, eBook readers, PC printing, and high-resolution professional printing
Add up these reasons, and it's easy to see why PDF make sense if you need to distribute a document that can be read everywhere.
Although Adobe sets the standards for PDF files with its Acrobat PDF creation and Reader PDF display software, Adobe isn't the only game in town when it comes to PDF creation. In this article, you'll discover if your system is already ready to spit out a PDF on demand, how to add PDF output to your system, and how to track down free tools that enable you to perform some PDF editing.
I'm not sure which of these is a more compelling criticism of the Apple iPad: "They named it what?" or "Where's the Flash?"
It's no secret that Apple harbors no love for Adobe's Flash architecture. John Gruber over at Daring Fireball recently wrote up a wonderful treatise as to why this is the case. If you have a spare hour or so, I recommend giving it a look-see. I'll spoil the ending for the sake of continuing on with this column: Flash is a proprietary architecture that Apple has no control over. Thus, when Flash-based elements wreak havoc on the stability of Apple platforms, Apple can't do much to fix the issue--nor can the company convert the 32-bit Flash binary over to Apple's goal of a system-wide, 64-bit experience.
The enemy of Apple's proprietary enemy might be the company's friend, but it's no friend to the Internet.
Google's Chrome OS has garnered a lot of attention in recent times. Early glimpses, however, don't quite justify the hype. Many tech savants have already written off the operating system as nothing more than a sexed up browser. However, it is still a little early for obituaries as Google may have a trump hiding up its sleeve. McAfee is one company that acknowledges the possibility of Chrome OS living up to all the hype.
According to its latest report titled "2010 Threat Predictions,"the operating system may become a prime target for hackers in the eventuality of it becoming rife. The security company fears that Chrome OS's dependence on HTML5 - allows web apps both online and offline access to a user's PC - will endear it to hackers. "When a technology is widely used and adopted, the bad guys will latch onto it before the good guys do,"said McAfee's director of security research, David Marcus. McAfee also expects the popularity of Adobe software among hackers to soar to such levels that it may become the most targeted application software in 2010.
The report had a word of caution for users of social networking sites as well. They might become more vulnerable in the new year as such sites come under increased attack. The report specifically mentioned the use of URL-shortening services in spreading malicious links through the social web.
The other day, Adobe announced it had discovered a vulnerability in its Adobe Reader and Acrobat 9.2 and earlier versions being exploited in the wild, and assured users the company was investigating the issue. The good news is that Adobe's security team has finished the investigation. And the bad news? You'll have to wait until at least January 12, 2010 -- the targeted ship date -- to receive a patch.
According to Adobe, it considering stopping everything else and working immediately on an out-of-cycle security update with a one-off fix, but because that would still take between two and three weeks, doing so would knock off the timing of its next planned quarterly security update. So instead the fix will be rolled into the code branch for the next quarterly update.