Google’s ebook store has finally stepped out of the realm of rumors and entered the real world. Matter-of-factly called the Google eBookstore, it is well stocked and supports a wide variety of devices, including PCs, smartphones, tablets and e-readers. According to Google, the store boasts the largest ebooks collection in the world with more than three million titles.
Since its Google’s ebook store, books are stored in the cloud and can be bought and read in it as well. Offline reading on Android and iOS devices is supported through native apps. As for e-readers, support is restricted to only those devices that are compatible with the Adobe eBook platform. While Amazon’s Kindle is not supported, Barnes & Noble Nook and Sony Reader are probably the most notable names on the list of supported devices.
Adobe on Monday issued another security advisory warning users of yet another zero-day bug in its software. This is the second time this month that the San Jose-based software developer has warned of a critical bug that is reportedly being exploited in the wild. While the first advisory, issued only a few days ago, warned of a critical bug in Reader and Acrobat, the latest warning pertains to a critical vulnerability in its Flash player.
“A critical vulnerability exists in Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, Solaris, and Adobe Flash Player 10.1.92.10 for Android. This vulnerability also affects Adobe Reader 9.3.4 for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh,” the bug-inured company warned in the advisory.
“This vulnerability (CVE-2010-2884) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against Adobe Flash Player on Windows. Adobe is not aware of any attacks exploiting this vulnerability against Adobe Reader or Acrobat to date.”
The company expects to provide patches for both the vulnerabilities within the next three weeks.
We know it's hard to believe, but your Adobe Reader and/or Acrobat software is in need of some patching. That's according to Adobe, which is warning users of a critical vulnerability affecting Reader and Acrobat versions 9.3.4 and earlier.
That's the bad news. The even even worse news is that the vulnerability, when exploited, could crash your machine and potentially allow an attacker to seize control, Adobe says. And the really bad news is that this vulnerability is being actively exploited in the wild.
Ready for the good news? Not so fast, we haven't covered the no-good terrible news. This nasty security hole -- the one the bad guys know about and are currently exploiting -- can't yet be plugged, though if it's any consolation, Adobe promises it's "in the process of evaluating the schedule for an update to resolve this vulnerability." Comforting, isn't it?
Alright, we're finally ready for some good news, and here it is. You don't have to use Adobe products to read those PDF files. One of our favorite free alternatives is Foxit's free Reader program available here.
What do you use to read PDF documents? Hit the jump and let us know.
The newest jailbreak for Apple's iOS platform has exposed a serious exploit that could allow a remote attacker to compromise the device. The exploit is present in all iPhones, iPads, and iPod Touches running version 3.1.2 and higher. The exploit doesn't even require any particular user intervention, just opening a malicious PDF document.
The user is just required to visit a web address in mobile Safari that will load a PDF document. The PDF contains malicious code hidden in a font. The font will cause a stack overflow, allowing the code to be run on the device. A hacker could conceivably do anything at that point. Anything from deleting files, to installing spyware in the background.
This is similar to an exploit early in the iPhone's existence that used TIFF images. But this time around there are many more iPhones in the world, so we expect Apple to take this pretty seriously. Users are cautioned to avoid any PDFs for the time being.
Adobe is no stranger to criticism. The company has consistently drawn flak for its piss poor security track record. In fact, it would be reasonable to believe that Adobe is inured to the constant castigation.
But it now seems to be making more serious efforts to plug the many holes in its software. Back in April, it introduced an automatic updater for its Acrobat and Reader products, giving it the ability to tackle critical security issues speedily. And now it has turned its focus to “sandboxing,” a security mechanism that involves running the concerned software in an isolated environment - the sandbox.
Initially, the new feature, dubbed “Protected Mode, will only be used to sandbox “write calls.” But a subsequent update will also help stave off exploit code that tries to copy sensitive information from the user’s machine. "In the first release, everything that is involved in rendering a PDF has to happen within the sandbox.”
Adobe expects to have the next version of Reader ready before the end of the year.
M86 Security Labs released a list of the top 15 most observed vulnerabilities for the first half of 2010 and, surprise-surprise, Adobe Acrobat & Adobe Reader (No. 1) and Microsoft Internet Explorer (No. 2) took the top two spots.
It wasn't enough to just take the top spots, Adobe Reader and Microsoft IE overachieved (underachieved?) by claiming nine out of the 15 slots, with four of them belonging to Adobe and five for Microsoft.
The list also indicates a growing focus on exploiting Java-based vulnerabilities.
"Java is the next low-hanging fruit for attackers," says Marc Maiffret, chief technology officer at eEye Digital Security.
Up until now, Google has relied on the traditional browser plug-in model for PDF support in Chrome, but there are some downsides to going this route. Most notably, this path opens users up to compatibility, performance, and security problems, Google says, so the search titan has decided to take a different approach.
"To overcome [these problems], we've been working with the Web community to help define a next generation browser plug-in API," Google said in a recent blog post. "We have begun using this API to improve the experience of viewing and interacting with PDF files in Google Chrome. This mirrors our efforts to optimize the Adobe Flash Player experience in Chrome.
"Today, we are making available an integrated PDF viewing experience in the Chrome developer channel for Windows and Mac, which can be enabled by visiting chrome://plugins."
Google said that Linux support is on the way. In the meantime, users who enable PDF integration will see PDF files rendered seamlessly as HTML pages, the search giant said. Basic interactions will be the same as for Web pages, like zooming and searching, and PDF functionality will be contained withing the security sandbox Chrome uses to render regular HTML pages.
Windows can do a lot of things out of the box -- play music and videos, browse the Internet, and backup software, to name just a few -- but Microsoft should add a PDF viewer, a security researcher argues.
Sullivan was referring to the advanced features found in third-party applications, such as Adobe's Acrobat reader. But some of those features have opened Windows users up to virus attacks. According to McAfee, PDF exploits were up more than eight times in 2009 compared to 2008, and that trend is continuing so far in 2010.
"Your customers are tired of the exploits and the complications that so many of today's PDF readers include," Sullivan wrote in an open letter to Microsoft.
PDFs. Why do we use PDFs? It's a question I've asked myself time and time again during the following scenarios: my default PDF reader crashing my browser whenever I erroneously click on a link to the blasted extension, an image- or page-packed PDF consuming all of the system resources on my work machine, and while I'm spending extra time to convert a perfectly likable file (.doc) into a new format that's compatible with even more people. At least, I think that's the reason.
But really, though, why do we use PDFs? Perhaps it's the wrong question I should be asking, however. Sad to say, PDFs are here to stay. And I must confess, filling out a PDF form has a certain elegance to it (and built-in digital signature support) that you just can't find in a standard text file or Word document (or OpenOffice.org document).
So instead of asking ourselves how we can rid the world of PDFs, we should really be thinking about the various ways we can improve our interactions with PDF files. That's where this week's Freeware Files comes into play. I'm going to show you five freeware or open-source apps that'll hopefully ease the burden you face when you're trying to manipulate this quirky file format. As well, I'll show you a few more features and tricks you can use to turn your own PDF routines into nothing short of a master class.
It's only fair that Google's browser, Chrome, use a Google-based service in this week's extension of the week. The name of the add-on is Send to Google Docs, but you don't need to be a rocket scientist to figure out the ins and outs of this little tweak.
I was originally scanning around for an interesting way to tweak the functionality of a PDF in the Chrome browser. In stumbling across Send to Google Docs, I was intrigued by the solution: Rather than simply sticking more save options onto the download bar, Send to Google Docs gave a far better deal.
It's kind of annoying to have to wade through a bunch of PDFs on one's hard drive. Depending on your reader of choice, clicking through PDF after PDF can eat up a lot of system resources... and a lot of time. Why not just stuff these files in the cloud and let Google's speedy rendering engine take care of the rest? Or, better yet, allow Google to convert these PDF files into a format that can be edited straight through Google Docs itself?