Adobe on Tuesday posted a Security Bulletin alerting the public that it has identified a critical vulnerability in Adoble Flash Player 10.0.45.2 and earlier versions for Windows, Mac, Linux, and Solaris operating systems. A security flaw was also found in the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Mac, and UNIX platforms.
"This vulnerability (CVE-2010-1297) could cause a crash and potentially allow an attacker to take control of the affected system," Adobe said. "There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat."
That was one of 17 security vulnerabilities identified, the rest of which apply to Adobe Reader and Acrobat. All of these have been labeled as "critical" and run the gamut from memory corruption (could lead to code execution) to a social networking attack.
New drivers are available for Nvidia graphics card owners, version 257.21. The latest release adds support for Blu-ray 3D with Nvidia 3D Vision technology and serves up a ton of performance improvements for GTX 400 series owners, some of which include:
Up to 14 percent in Aliens vs Predator
Up to 4 percent in Batman: Arkham Asylum
Up to 5 percent in BattleForge
Up to 24 percent in Enemy Territory: Quake Wars
Up to 40 percent in Metro 2033 with SLI
Up to 9 percent in Unigine: Tropics
Up to 5 percent in 3DMark Vantage
Nvidia also made upgrades to the PhysX System Software to version 9.10.0223, added support for OpenGL 4.0 for GTX 400 cards, added a new Control Panel feature for "ultimate control over CUDA GPUs," and a bunch of other changes, some of which are specific to version 257.21 and others that apply to the 256 (and above) family of drivers.
Microsoft tomorrow will issue 10 security bulletins to address 34 security vulnerabilities found in Windows, Office, and Internet Explorer, the Redmond outfit announced. Three of the bulletins have been rated as "Critical," which would allow an attacker to take full control of the affected machine, while the remaining seven are listed as "Important," the second-highest rating in Microsoft's four-point scale ("Moderate" and "Low" being the remaining two).
This is a large update that will give IT admins plenty to do this week. All three critical vulnerabilities affect all Windows OS versions, including XP, Vista, Windows 7, and Windows Server 2008, as well as several versions of Internet Explorer.
What exactly all these security fixes will address hasn't yet been disclosed, though six of them deal with Remote Code Execution, three with Elevation of Privilege, and one addresses a Tampering vulnerability. Two of the updates -- including one ranked as Critical -- will require a system restart, while the remaining eight may require rebooting, Microsoft said.
Don’t get us wrong: Steam’s a wonderful platform built on a rock-solid foundation of functionality and excellent deals. We wouldn’t trade that for the world. But we’re also incredibly vain people, and we have to admit that – for a while there – we had to imagine other game platforms when we were in bed with Steam. Playing games. On our laptops.
Now, though, everything’s shiny and new again. Valve’s completely overhauled Steam, upping the platform’s geek chic factor with a brand new coat of paint. On top of that, the new Steam brings with it a slew of new features, which Valve has handily outlined here. The long and short of it, however, is this: a revamped friends list, a customizable news feed, a more functional achievement system, and a games library that you don’t need a GPS to navigate.
So then, if you haven’t done it already, make with the downloading. Well, unless you’re a Mac user. Then, according to Valve, you’ll be playing the waiting game for a bit longer. “Soon” is the official word. Let’s be honest, though: you’ve already waited for years. What’s another month or two?
In a blog post on Wednesday, Eric Lempel, Director of Sony's PlayStation Network Operations, announced a "mandatory update" (version 3.30) which he says will be available shortly. Most of the added features have to do with sorting options within Trophies, including:
Trophy Enhancements: It's now easier to sort trophies in the Trophy Collection and Comparing Trophy sections.
Trophy Folder (Title List): this can be sorted by game name or title according to teh date in which they were earned
Add-on List (Group List): can be sorted by original/the date in which yu earned your last trophy (ascending/descending)
Trophy List: can be sorted by original/trophy name/grade/date of obtaining the trophy (ascending/descending)
The update also readies the PS3 console for some upcoming features, most notably 3D stereoscopic gaming "which is coming soon to the PS3."
This is the Sony's second firmware upgrade in less than a month, and it's interesting that this latest one is being described as mandatory. On April 1st, Sony released firmware version 3.21, which was primarily to kill off the "Install Other OS" feature. While this was an optional update, users who opted not to install it would lose key features, such as the ability to sign in to the PlayStation Network.
Starting this Tuesday, April 13, Sun's Solaris operating system will receive quarterly security patches, Oracle announced. This comes as good news for Solaris users, who will now know months in advanced when they will be getting security updates.
Solaris isn't the only bit of Sun software to be included in these updates. According to Oracle, the next update will include 16 security fixes for a number of Sun products, including Sun Cluster, Sun Convergence, and the Sun Ray server software.
Prior to Oracle's takeover of Sun, Solaris and other Sun products were typically updated on an as-needed basis rather than any type of set schedule. After Tuesday, the next set of updates will roll out on July 13.
In a blog post this week, Adobe announced it has been testing out a new updater technology with select beta customers since the company's October 13, 2009 quarterly update. The goal, Adobe says, is to streamline and automate updates with little to no user intervention.
Adobe is apparently happy with the tests so far is now "ready for the next phase of deployment." On Tuesday, April 13, 2010, Adobe said it will activate the new update for all users needing Adobe Reader and Acrobat 9.3.2 and 8.2.2 for Windows and Macintosh.
The new updater will give Windows users the option of selecting "Automatically install updates." If selected, the updater waits for the system to become idle "to avoid disturbing the user" and proceeds to download and install the security patches.
For those concerned about privacy, Adobe promises that it has "no plans to activate the automatic option by default without prior user consent."
Tech site GeekSmack.net claims to have obtained a beta release of Microsoft's upcoming Service Pack 1 for Windows 7 and has posted the first screenshots of the build.
While we don't recommend it, for those of you who want to go gallivanting around the web looking for the same beta, GeekSmack says the full build string is 6.1.7601.16537.amd64fre.win7.100327-0053.
"The install process is much of what you would expect from a service pack installer, but one thing I noticed is that the installation is MUCH faster than the install process for service packs on Vista was, which is a very welcome change," TechSmack noted.
There are a bunch of screenshots to gawk at, including a few from after the service pack was applied. Looks legit, and falls in line with Microsoft recently announcing that service packs for both Windows 7 and Windows Server 2008 R2 were forthcoming. According to Microsoft, SP1 for Windows 7 would mostly contain "minor updates."
Mozilla on Thursday issued an update to Firefox bringing the current version to 3.6.3. The update fixes a "critical" security flaw that was exploited during the recent Pwn2Own contest.
"A memory corruption flaw leading to code execution was reported by security researcher Nils of MWR InfoSecurity during the 2010 Pwn2Own contest sponsored by TippingPoint's Zero Day Initiative," Mozilla said. "By moving DOM nodes between documents Nils found a case where the moved node incorrectly retained its old scope. If garbage collection could be triggered at the right time then Firefox would later use this freed object."
According to Mozilla, the contest winning exploit only affects Firefox 3.6 and not any previous versions of the popular open-source browser. However, the browser-maker said it will play it safe and soon issue a patch for Firefox 3.5 just in case there's another way of triggering the bug.