The said bug, which can be exploited using a special TrueType font, can be used to execute arbitrary code. According to Miller, Adobe first learnt of the vulnerability from Google security engineer Tavis Ormandy. "Apparently @taviso previously reported to Adobe the Reader 0-day I dropped at BH. Haha, ruined his effort at trying to be responsible," Miller quipped in a Tweet Tuesday.
Tavis Ormandy was recently in the crosshairs after he went public with a critical vulnerability in Windows' HCP protocol only a few days after notifying Microsoft about it.
Adobe is often maligned for the number of vulnerabilities in its software. Of course, one could argue that the prevalence of Adobe software has made it one of the most targeted 3rd party software vendor and there is little it can do to change that, but the fact is that the San Jose-based company has been leisurely in addressing security concerns.
With few exceptions, our advice has always been to purchase the fastest hardware you can afford right now rather than wait for something faster to come along when you're in need of an upgrade. Why? As any PC hobbyist will tell you, there's always something bigger, faster, and just plain better on the horizon, and once you get stuck playing the 'waiting game,' it's hard to ever pull the trigger.
We bring this up because EVGA has done something unique with its GeForce GTX 460 line. The graphics card maker recently released a new BIOS, which in and of itself isn't anything new, but this updated BIOS pushes the core/shader clockspeeds to 720MHz/1440MHz, up from 675MHz/1350MHz.
That's a generous 7 percent "Free Performance Boost," as EVGA calls its BIOS update, which only further sweetens the pot (EVGA cards are backed by a lifetime warranty, provided you register your card online within 30 days of purchase). Pessimists will point out that the clockspeed increases aren't going to make a huge difference in gaming performance, but hey, videocards boasting a 7 percent boost over reference clocks typically carry a pricing premium, and here EVGA is giving away performance bumps to existing owners. That's just rad.
You can snag the update here, being extra careful to follow EVGA's directions to a T.
We've touched on the impending demise of XP Service Pack 2 (SP2) on a couple of occasions in the past week or so, and if you were still caught off guard today by Microsoft ending support, then extend your leg and swing it back as far and as fast as possible, with the goal being to kick yourself in your own ass for failing to pay attention.
Whether you were ready for it or not, what happens now? For starters, Microsoft will stop sending out updates and security patches for the now-defunct version of Windows, leaving XP SP2 users vulnerable in a number of areas, including IE, WMP, and Outlook Express.
You do have some options, however, the most obvious one being to upgrade to SP3. If for whatever reason that's not an option and you're simply stuck on XP SP2, you can make the best of a bad situation by first and foremost getting rid of IE. It doesn't matter what version of Microsoft's popular browser you're running, you won't be receiving updates. Instead, consider (strongly) switching to any of the alternatives, such as Firefox, Chrome, Safari, or Opera, all of which will continue kicking out updates.
Other steps you can take: update other programs, install AV software (if you haven't already), keep your firewall running, and cross your fingers.
Adobe on Tuesday posted a Security Bulletin alerting the public that it has identified a critical vulnerability in Adoble Flash Player 10.0.45.2 and earlier versions for Windows, Mac, Linux, and Solaris operating systems. A security flaw was also found in the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Mac, and UNIX platforms.
"This vulnerability (CVE-2010-1297) could cause a crash and potentially allow an attacker to take control of the affected system," Adobe said. "There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat."
That was one of 17 security vulnerabilities identified, the rest of which apply to Adobe Reader and Acrobat. All of these have been labeled as "critical" and run the gamut from memory corruption (could lead to code execution) to a social networking attack.
New drivers are available for Nvidia graphics card owners, version 257.21. The latest release adds support for Blu-ray 3D with Nvidia 3D Vision technology and serves up a ton of performance improvements for GTX 400 series owners, some of which include:
Up to 14 percent in Aliens vs Predator
Up to 4 percent in Batman: Arkham Asylum
Up to 5 percent in BattleForge
Up to 24 percent in Enemy Territory: Quake Wars
Up to 40 percent in Metro 2033 with SLI
Up to 9 percent in Unigine: Tropics
Up to 5 percent in 3DMark Vantage
Nvidia also made upgrades to the PhysX System Software to version 9.10.0223, added support for OpenGL 4.0 for GTX 400 cards, added a new Control Panel feature for "ultimate control over CUDA GPUs," and a bunch of other changes, some of which are specific to version 257.21 and others that apply to the 256 (and above) family of drivers.
Microsoft tomorrow will issue 10 security bulletins to address 34 security vulnerabilities found in Windows, Office, and Internet Explorer, the Redmond outfit announced. Three of the bulletins have been rated as "Critical," which would allow an attacker to take full control of the affected machine, while the remaining seven are listed as "Important," the second-highest rating in Microsoft's four-point scale ("Moderate" and "Low" being the remaining two).
This is a large update that will give IT admins plenty to do this week. All three critical vulnerabilities affect all Windows OS versions, including XP, Vista, Windows 7, and Windows Server 2008, as well as several versions of Internet Explorer.
What exactly all these security fixes will address hasn't yet been disclosed, though six of them deal with Remote Code Execution, three with Elevation of Privilege, and one addresses a Tampering vulnerability. Two of the updates -- including one ranked as Critical -- will require a system restart, while the remaining eight may require rebooting, Microsoft said.
Don’t get us wrong: Steam’s a wonderful platform built on a rock-solid foundation of functionality and excellent deals. We wouldn’t trade that for the world. But we’re also incredibly vain people, and we have to admit that – for a while there – we had to imagine other game platforms when we were in bed with Steam. Playing games. On our laptops.
Now, though, everything’s shiny and new again. Valve’s completely overhauled Steam, upping the platform’s geek chic factor with a brand new coat of paint. On top of that, the new Steam brings with it a slew of new features, which Valve has handily outlined here. The long and short of it, however, is this: a revamped friends list, a customizable news feed, a more functional achievement system, and a games library that you don’t need a GPS to navigate.
So then, if you haven’t done it already, make with the downloading. Well, unless you’re a Mac user. Then, according to Valve, you’ll be playing the waiting game for a bit longer. “Soon” is the official word. Let’s be honest, though: you’ve already waited for years. What’s another month or two?
In a blog post on Wednesday, Eric Lempel, Director of Sony's PlayStation Network Operations, announced a "mandatory update" (version 3.30) which he says will be available shortly. Most of the added features have to do with sorting options within Trophies, including:
Trophy Enhancements: It's now easier to sort trophies in the Trophy Collection and Comparing Trophy sections.
Trophy Folder (Title List): this can be sorted by game name or title according to teh date in which they were earned
Add-on List (Group List): can be sorted by original/the date in which yu earned your last trophy (ascending/descending)
Trophy List: can be sorted by original/trophy name/grade/date of obtaining the trophy (ascending/descending)
The update also readies the PS3 console for some upcoming features, most notably 3D stereoscopic gaming "which is coming soon to the PS3."
This is the Sony's second firmware upgrade in less than a month, and it's interesting that this latest one is being described as mandatory. On April 1st, Sony released firmware version 3.21, which was primarily to kill off the "Install Other OS" feature. While this was an optional update, users who opted not to install it would lose key features, such as the ability to sign in to the PlayStation Network.
Starting this Tuesday, April 13, Sun's Solaris operating system will receive quarterly security patches, Oracle announced. This comes as good news for Solaris users, who will now know months in advanced when they will be getting security updates.
Solaris isn't the only bit of Sun software to be included in these updates. According to Oracle, the next update will include 16 security fixes for a number of Sun products, including Sun Cluster, Sun Convergence, and the Sun Ray server software.
Prior to Oracle's takeover of Sun, Solaris and other Sun products were typically updated on an as-needed basis rather than any type of set schedule. After Tuesday, the next set of updates will roll out on July 13.