Following in Microsoft's footsteps with its monthly 'Patch Tuesday' approach to system security, Adobe said it will stick to a quarterly release schedule for security updates of its own.
"Based on feedback from our customers, who have processes and resources geared toward Microsoft’s “Patch Tuesday” security updates, we will make Adobe’s quarterly patches available on the same days. (Although our 3/10/09 and 5/12/09 security patches landed on Patch Tuesday, the timing was coincidental. In both cases, we shipped the patches as soon as we finished testing them.)," Brad Arkin, Adobe director of product security and privacy, wrote in a blog post.
In March, Adobe released a patch that fixed a critical vulnerability in Adobe Reader 9 and Acrobat 9 that would have allowed an attacker to gain complete control of victim's PC. According to Arkin, this security hole led to the company's decision to implement scheduled security updates.
If you haven’t done so already, make sure your Adobe reader has checked for, and downloaded the latest updates. Adobe has finally released a patch for the zero day scripting vulnerability in its PDF software. The patch for version 9 hit the net a bit earlier than expected, but not a moment too soon to combat this now critically exploited weakness which has been in the wild now since December 2008. The patches for Version 7 & 8 are still planned for March 18th and users of this version would be advised to either upgrade to 9.1 or consider Foxit Reader.
The news was posted by Adobe blogger David Lenoe. "Today, we posted the Adobe Reader 9.1 and Acrobat 9.1 update, which resolves the recent JBIG2 security issue (CVE-2009-0658), including the 'no-click' variant of the vulnerability." "We encourage all Adobe Reader users to download and install the free Adobe Reader 9.1."
For those that haven’t been following the details of the exploit, the vulnerability is a result of an array indexing error in the processing of JBIG2 streams. Hackers have found a way to corrupt arbitrary memory using the PDF format and take control of compromised systems. The lesson learned here if we didn’t know it already, don’t take candy, or PDF’s from strangers.
Ouch! It's been a bad week for Adobe Acrobat and Reader users, DailyTech's Jason Mick reports. Some visitors to eweek.com viewed PDF-based ads that attempted to redirect readers to malicious websites and then tried to download Bloodhound.Exploit.213. This vulnerability affects only Acrobat and Reader 8.12 and earlier and was patched back in November with version 8.13, but not everyone's gotten around to updating their Adobe products yet. eWeek's pulled the offending ads, and Adobe was already offering a fix - and that's the good news.
The bad news? There's an even more serious flaw on the loose that targets all versions of Acrobat and Reader, including version 9.0. There are no updates yet (the update for version 9 is expected by March 11, but version 7 and 8 users must wait a bit longer). So, what can you do in the meantime? Lots of MaximumPC readers recommend the free Foxit Reader, but if you must use Adobe, join us after the jump for workarounds that can protect you in the meantime.
Adobe’s PDF reader and creator software continues to be under a seemingly endless attack, and a new vulnerability has the security community very worried. A critical flaw in all editions of its PDF reader and creator software will allow attackers to crash the application and gain control of a person’s computer. This vulnerability has been acknowledged by Adobe, but a fix is still rumored to be 2-3 week away. Initially the company will be working to patch version 9, but will eventually include fixes for version’s 7 & 8 as well.
According to the McAfee security blog, malicious PDF documents are already in the wild, and have been appearing across the web since early January. PDF exploits are of significant concern to the security community since the reader software interfaces very closely with web browsers. In many cases PDF documents are opened within a new browser tab, and displayed even with a user’s consent. According to Symantec this attack has primarily been directed towards government agencies and large corporations, it is not widespread as of yet.
Adobe and new BFF Nokia announced a $10 million Open Screen Project fund to encourage developers to create Flash-based applications and services for mobile devices.
"We are excited about the Open Screen Project Fund and the possibilities it offers to designers and developers worldwide," said David Wadhwani, general manager and vice president of the Platform Business Unit at Adobe. "With close to 40 percent of all new mobile devices shipped with Flash Lite in 2008, the fund will enable more developers to bring their rich content and services to a large number of mobile users."
To make a bid for a portion of the grant money, interested developers are being asked to submit concepts for apps built around the Flash platform, capable of running on Nokia devices, and support a variety of screens, such as mobile, desktop, and consumer electronics devices. Once submitted, projects will be reviewed by Open Screen Project partners that include Adobe, Nokia, and Palm, who will be looking for how innovative and compelling the user experience is, how robust the application or planned implementation, and how well it exploits the capabilities and features of Nokia devices, the companies said.
More information, including how to apply, can be found here.
Novell's Mono Project released version 1.0 of Moonlight today, an open-source platform that allows Linux users to view Microsoft Silverlight-based content and applications. Delivered as a Firefox extension, Moonlight comes alongside the release of the Microsoft Media Pack, a Firefox extension that gives Linux users access to Microsoft-endorsed media codecs. This opens up the door for playing all Silverlight-compatible media (including MP3, WMA, and WMV files). According to Novel, Moonlight should work with all major Linux distributions, including openSUSE, Fedora, Red Hat, and Ubuntu.
But if you think that this is going to put a dent in Adobe Air's market share, you're in for a treat. Click the jump to see just how much Adobe's runtime environment is winning the platform war against Microsoft's Silverlight!
Nvidia recently announced that they’ll be releasing a new “professional video editing accelerator bundle” based on their Quadro CX platform. The bundle consists of a Quadro CX video card and Adobe Premiere Pro CS4, and they claim that it will be able to encode H.264 video four times faster than a dual-core CPU.
Nvidia reports that rendering times for a one-hour movie requires 10 hours on a dual-core CPU, whereas with their Quadro CX it would only take two hours and 35 minutes.
So if you’re looking to get yourself into the video editing game with a powerful bundle like this one, be sure to act fast. The bundle will be going for $1,999 until March 31, 2009. After that, the bundle will jump up to $2,299.
With CES kicking off later this week, expect a deluge of nifty product and technology announcements, not all of which will ever see the light of day. One that likely will, however, is a joint collaboration between Intel and Adobe to extend the Flash platform over to your living TV using Intel's Media Processor CE 3100.
"The Intel® Media Processor CE 3100 is a highly integrated solution that provides a powerful, yet flexible technology foundation that will bring to life the high-definition capabilities of Adobe Flash," said William O. Leszinske Jr., general manager of Intel's Digital Home Group. "Our effort with Adobe is poised to accelerate a rich, yet relevant Internet experience on the TV that will provide consumers with access to a growing number of Flash based applications that will ultimately be enjoyed across a number of screens seamlessly, from the laptop to a MID and now the TV."
Intel said it plans to ship the first CE3100 devices with support for an optimized implementation of Adobe Flash Lite by the middle of 2009 at the very latest. Should that happen, it would be a boon to streaming content providers like Hulu and could help bring online streaming videos on living room TVs into the mainstream.
A fast car won’t make you turn better laps at Laguna Seca. A pair of $200 sneakers won’t help you outplay Lebron James, and installing Photoshop CS4 won’t make your photos magically better. While that may be true, Adobe’s Photoshop Elements 7.0 will almost certainly make the average person’s photos better. Now in its seventh iteration, Elements 7.0 uses the guts of the extremely powerful Photoshop and tries to make it friendly to everyone.
Adobe's come up with a new tool that could ultimately change the way you look at web browsing. As it stands now, glimpsing back in time means honing your Google-fu, with no real efficient way of looking at a particular page or subject by date. Adobe's Zoetrope tool changes all that.
Of course, you can already go back in time using projects like the Internet Archive, but Zoetrope makes such methods seem rudimentary by comparison. With Zoetrope, a user can look back hours, days, or months by pulling on a scrollbar at the bottom of any given webpage. And that's just the beginning. By drawing a selection box over any part of a particular page - like stock prices, for example - Zoetrope makes it possible to scroll back in time just on the selected portion while the rest of the page remains the same. From there, you can make multiple selections, link them together, and turn them into graphs. Let's say Nvidia just announced a price drop on one of its videocards. Using Zoetrope, you could head over to Newegg and highlight one or more cards, then scroll back in time and quickly determine if price drops are few and far between or fairly consistent.
A description really doesn't do the technology justice, and thankfully Technology Review has posted a video of the nifty tool in action. Check it out, then hit the jump and tell us what you think.