Adobe on Tuesday released a mega patch with 23 security fixes for its Reader PDF viewer, most of which are ranked as critical. The patch set a record for 2010 (um, woot?) though didn't quite topple Adobe's previous record of 29 bug fixes in October 2009.
"Adobe is hitting customers with a double whammy today," said Andrew Storms, director of security operations at nCircle Security. "Adobe products continue to be at the top of the target list for malware writers. They patched a zero-day flaw in Flash in late September, and today they are releasing their quarterly Acrobat update ahead of schedule because of another zero-day."
Out of the 23 updates, 20 of them "could lead to code execution," according to Adobe's security bulletin. The patch also plugs up a hole first revealed on September 7 by Mila Parkour, who reported the attack after discovering some funny business with PDFs attached to emails.
We know it's hard to believe, but your Adobe Reader and/or Acrobat software is in need of some patching. That's according to Adobe, which is warning users of a critical vulnerability affecting Reader and Acrobat versions 9.3.4 and earlier.
That's the bad news. The even even worse news is that the vulnerability, when exploited, could crash your machine and potentially allow an attacker to seize control, Adobe says. And the really bad news is that this vulnerability is being actively exploited in the wild.
Ready for the good news? Not so fast, we haven't covered the no-good terrible news. This nasty security hole -- the one the bad guys know about and are currently exploiting -- can't yet be plugged, though if it's any consolation, Adobe promises it's "in the process of evaluating the schedule for an update to resolve this vulnerability." Comforting, isn't it?
Alright, we're finally ready for some good news, and here it is. You don't have to use Adobe products to read those PDF files. One of our favorite free alternatives is Foxit's free Reader program available here.
What do you use to read PDF documents? Hit the jump and let us know.
The said bug, which can be exploited using a special TrueType font, can be used to execute arbitrary code. According to Miller, Adobe first learnt of the vulnerability from Google security engineer Tavis Ormandy. "Apparently @taviso previously reported to Adobe the Reader 0-day I dropped at BH. Haha, ruined his effort at trying to be responsible," Miller quipped in a Tweet Tuesday.
Tavis Ormandy was recently in the crosshairs after he went public with a critical vulnerability in Windows' HCP protocol only a few days after notifying Microsoft about it.
Adobe is often maligned for the number of vulnerabilities in its software. Of course, one could argue that the prevalence of Adobe software has made it one of the most targeted 3rd party software vendor and there is little it can do to change that, but the fact is that the San Jose-based company has been leisurely in addressing security concerns.
Call it the snowball effect from Apple's iPad launch, if you will, because one after another we're seeing ebook reader makers drop their price of the hardware.
With tablets clearly ready to encroach on ebook hardware territory, Barnes & Noble quickly slashed the price of its Nook reader from $259 to $199, while simultaneously launching an even lower priced Wi-Fi only model for $149. Hours later, Amazon responded with a price cut of its own, dropping the Kindle from $259 to $189. And then on July 1, Amazon slashed the cost of its Kindle DX from $489 to $379.
Now the snowball has crashed through Sony's camp, which went and quietly dropped the price of its entire line of ebook readers. Here's how it all breaks down:
Pocket Edition: $149 (down from $169)
Touch Edition: $169 (down from $199)
Daily Edition: $299 (down from $349)
Pocketbook 360: $199 (down from $239)
Pocketbook 301: $219 (down from $279)
Pocketbook 302: $279 (down from $339)
This puts Sony in better position to compete with the competition, but is it enough? At $149, the Pocket Edition won't break the bank, but it doesn't have Wi-Fi like B&N's Nook.
With all the recent price cuts, do you plan on picking up and ebook reader? If so, which one?
There is little I enjoy more than coming to Maximum PC each week to dish out a new dose of freeware and open-source software for all to enjoy. But, I confess, it's been tough times as of late-I feel as if I've covered every inch of the ol' PC ad nauseum and, as such, am running low on witty or interesting themes with which to structure these freeware roundups.
But before I would work myself into a tizzy over my failure to compartmentalize this week's apps, I remembered something: You, the readers, are awesome. So much so, that you've actually gone and done a great job of coming up with some awesome applications all by yourselves. From games, to apps to utilities, you've left few stones unturned in your various replies to my weekly freeware roundups.
And, thus, I am writing this week's freeware roundup in your honor. Not only am I profiling some of the awesome programs you've recommended, but I'm profiling the recommenders as well! And by that I mean that you, too, could be enshrined in the hallowed halls of the weekly freeware roundup-just keep leaving program tips in the comments!
In a blog post this week, Adobe announced it has been testing out a new updater technology with select beta customers since the company's October 13, 2009 quarterly update. The goal, Adobe says, is to streamline and automate updates with little to no user intervention.
Adobe is apparently happy with the tests so far is now "ready for the next phase of deployment." On Tuesday, April 13, 2010, Adobe said it will activate the new update for all users needing Adobe Reader and Acrobat 9.3.2 and 8.2.2 for Windows and Macintosh.
The new updater will give Windows users the option of selecting "Automatically install updates." If selected, the updater waits for the system to become idle "to avoid disturbing the user" and proceeds to download and install the security patches.
For those concerned about privacy, Adobe promises that it has "no plans to activate the automatic option by default without prior user consent."
I'm not going to ask how or why but, for whatever reason, people can sometimes end up with more than one Google account. Maybe you just need double the space in your Gmail; Perhaps you're the poor person who has to control both your personal Gmail and some kind of corporate account for your business. Maybe you just really like Google.
Whatever the reason, you don't really have much of an option for switching between these accounts in Google Chrome. Signing in and out of your respective accounts is your only real choice, and that's a cumbersome process that's going to tie you up in authentication procedures (especially if you aren't saving your passwords via the browser). After you've completed your thirty-fifth consecutive sign-out and sign-in between accounts, you're going to ask for one of two things: a sanity check, or a better way to manage your multiple Google accounts.
Remember that old maxim that says we use only about 10 percent of our brain’s capacity? It’s been proven as hokum by modern neuroscience, but we think we can safely apply the same basic analogy to Google: The vast, vast, vast majority of computer users—even those practiced in hardcore nerdery—are almost certainly using a pitiful fraction of all the applications and features intrinsic to Google’s ever-expanding matrix of software code.
Sure, a Maximum PC reader may be well-versed in Google’s advanced search operators (Google allintext: “advanced search operators” if you missed that chapter), but we’re willing to wager that even the most curious among you haven’t taken the time to play with more than a few Google applications, let alone explore all their advanced features. Indeed, Google HQ is a fan-friggin’-amazing hotbed of R&D, but its developers are relatively quiet about the tools they’ve released. And that’s a shame, because Google’s constant innovation should get more press.
To address your inevitable Google knowledge deficit, we commissioned Gina Trapani to share her favorite tips. Gina launched Lifehacker.com, writes about Google for a bazillion media outlets, co-hosts the “This Week In Google” netcast, and pretty much makes it her job to know as much as possible about Google’s sundry apps and features.
I've spoken of the wonders of Chrome's Google Mail Checker Plus extension before. If you missed the memo, here's a quick hit: Mail Checker Plus drops a little icon next to your address bar that gives you a frequent update as to how many unread messages are in your Gmail account. You'd think that was it, given the simplicity of what said extension has to do. However, Google Mail Checker Plus dumps a ton of options into your lap for complete and total customization of this little icon and its functionality, including the ability to drop a preview window that gives you a quick glance as to what said emails actually are, as well as complete color controls and "always-on" SSL connectivity.
Great, eh? But frequent users of Google's services will note that there's more than just Gmail to worry about. What's going on in your Google Reader feed? Any new messages come through Google Voice? What the heck is Wave and how many unread messages do you have on your watery messaging service?
That's where the simplicity of the extension One Number comes into play. To find out what this helpful add-on does, and learn all about its extensive configuration options, hit the jump!
Asus announced a ton of new laptops at CES 2010, but many were surprised to find things pretty quiet on the e-book reader front, especially with all the rumors of a multi-display touch enabled device that was expected in late 2009. Interestingly enough, those rumors were started by the Times Online UK, and the same publication is now claiming Asus has tipped them off with details of their new DR-570 planned for release later this year.
Assuming the Times Online has the straight goods this time, the DR-570 will sport a 6-inch OLED color display, along with Wi-Fi and 3G connections. Of course, a 6-inch OLED display would be wasted on books alone, so Asus is reportedly working on flash support, along with over 122 hours of battery life in "real world conditions". Asus has a pretty solid reputation as a budget electronics maker, but it will still be very interesting to see how this unit will be priced. Sony charges as much as $2,000 for an 11" OLED TV, so clearly the screen is going to be a pretty significant cost in the manufacturing of the device.
The DR-570 isn't expected until later in the year, so perhaps Asus is hoping prices will drop between now and the end of 2010. If they do pull it off however, it could end up being as game changing to the e-book reader market as the EEE PC was to the netbook market. Would you buy an OLED color e-book reader? And more importantly, what would you be willing to pay?