Security

Adobe Reader and Acrobat Updates to 9.3.4

More ammo for complaints about Adobe Acrobat getting bloated: because Flash is included inside PDFs, whenever a vulnerability in Adobe Flash is found, a Flash update is required and then, a week or two later, Adobe Reader and Acrobat also need to be updated. Today, those Reader and Acrobat updates hit the wire. It was previously announced that they would arrive sometime this week, and August 19th is the magic day. This update is an out-of-cycle release and the next quarterly update is scheduled for October 12th, according to the Adobe PSIRT blog.

See What Somebody Printed By Listening

Here’s an eye-opener that is very interesting as well as creepy. Researchers have demonstrated how they can place a microphone next to a dot-matrix printer and translate the sounds the printer makes into what was printed, making it possible to spy on the resultant document without ever seeing it.

Acoustic Side-Channel Attacks on Printers

How Your Car’s Tire Pressure Monitoring System Could Allow You To Be Tracked and Hacked

Many modern vehicles (2008 or newer) have a Tire Pressure Monitoring System (TPMS) that alerts the driver when the tire pressure is getting low. In fact, it’s required for all new vehicles in the US following legislation that was prompted by the 2000 Firestone tire issue. For my car, that means this little orange light comes on to tell me if a tire reports that it is low on air pressure. Right now, the light says the tire is low because I had to get a new tire after a flat and it requires a tool only the dealer has to re-sync it. Researchers have now proven that it is possible to track a car and disable a component of the electronic system through a car’s TPMS.

Each tire has a unique 32-bit code and it can be queried by the car’s electronic system. The information is broadcast wirelessly from each tire’s RFID using an unencrypted signal which travels up to 130 feet. To researchers from Rutgers University and University of South Carolina, this meant an attack vector. Somebody could essentially track a car’s location by querying the broadcast ID at intersections, toll booths, or specific locations (seedy clubs, political rallies, medical clinics, etc.) to watch where one went or prove that they were there.

Adobe Flash Player, ColdFusion, and Flash Media Server Updates Come Out Of Nowhere

Adobe provided updates to Adobe Flash Player, ColdFusion, and Adobe Flash Media Server today to address critical and important severity security issues. Oddly, these seem to have come out of the blue. I’m usually able to stay on top of these things but I was caught off-guard by this update. So here I am, passing along the info so that more people update to protect their computers.

The Adobe Product Security Incident Response Team Blog is what alerted me to the update. The article provides links to the updates’ related security bulletins. Adobe Flash’s Security Bulletin, APSB10-16, informs us that the current version of Flash Player is 10.1.82.76 and that it addresses five remote code execution vulnerabilities and a vector for a click-jacking attack.

Adobe Reader and Acrobat Out-Of-Band Update Coming Week of August 16th

Yesterday a security researcher disclosed a vulnerability in Adobe Reader that allows malicious code to be executed. The vulnerability has been confirmed by Adobe’s senior director of product security and privacy. “Key to the decision is determining whether there are enough details available from Miller’s talk for the vulnerability to be exploited in real-world attacks.” Apparently there are enough details out there as a patch is planned for the week of August 16th.

Microsoft Releasing Out Of Band Update to Address LNK Vulnerability Today

Microsoft will be releasing a Windows Update in a couple of hours to address a vulnerability that has been getting a growing amount of press and has also seen an increasing number of exploit attempts. Announced late last Thursday evening, the Microsoft Security Response Center stated that the release would occur at 10 AM PDT today.

We are releasing the bulletin as we’ve completed the required testing and the update has achieved the appropriate quality bar for broad distribution to customers. Additionally, we’re able to confirm that, in the past few days, we’ve seen an increase in attempts to exploit the vulnerability. We firmly believe that releasing the update out of band is the best thing to do to help protect our customers.