Security firms weigh in on Adobe breach, cite 38 million+ user IDs stolen

Posted by:
Date: Wednesday, October 30th, 2013, 10:56
Category: Hack, News, security

adobelogo

You’re probably going to want to change your Adobe login and password.

Per Macworld and Krebs on Security, the security breach reported earlier this month at Adobe is turning out to be much more widespread than the company first let on. At least 38 million users have been affected by the early October incident.

When Adobe announced the breach on October 3, it said that attackers stole user names and encrypted passwords for an undisclosed numbers of users, along with encrypted credit or debit card numbers and expiration dates for 2.9 million customers. Krebs on Security has reported on the full extent of the attack, confirming the 38 million figure with Adobe.

The total damage could go beyond 38 million users. According to the article, the 3.8GB file includes more than 150 million usernames and hashed passwords, all taken from Adobe. The same file also apparently turned up on a server with the other stolen Adobe data.

Adobe says that 38 million active users users were affected, whereas the other usernames and passwords could include inactive IDs, test accounts and IDs with invalid passwords. However, Adobe is still investigating, and given the tendency of users to repeat the same usernames and passwords across multiple Web services, inactive account holders could still face a security risk. Adobe is trying to notify inactive users of the breach, and has already reset passwords for active users who were affected.

To make matters worse, Krebs on Security and Hold Security both claim that the hackers stole source code for flagship products such as Photoshop, Acrobat, and Reader. Adobe acknowledged that at least some Photoshop source code was stolen; the company is trying to get the data taken down.

In a blog post, Hold Security suggested that the source code theft could have far-reaching security implications. “While we are not aware of specific use of data from the source code, we fear that disclosure of encryption algorithms, other security schemes, and software vulnerabilities can be used to bypass protections for individual and corporate data,” the firm wrote. “Effectively, this breach may have opened a gateway for new generation of viruses, malware, and exploits.”

Active Adobe users affected by the breach should have received a notification from the company by now, prompting them to change passwords. As always, users can employ several strategies to keep their data safe, such as setting different passwords on each site or setting up a password manager.

Stay tuned for additional details as they become available.

Apple, Adobe sandbox Flash Player development for OS X versions

Posted by:
Date: Thursday, October 24th, 2013, 22:00
Category: News, security, Software

When in doubt, sandbox the sucker.

Per Mac|Life, Adobe announced on Wednesday that the latest version of the Safari web browser included with OS X Mavericks now features app sandboxing for Flash Player, following similar moves with browsers from Google, Microsoft and Mozilla.

Although Flash Player has been sandboxed for some time, for whatever reason Apple didn’t get on board with Safari until version 7.0, which is included with this week’s update to OS X Mavericks.

“For the technically minded, this means that there is a specific com.macromedia.Flash Player.plugin.sb file defining the security permissions for Flash Player when it runs within the sandboxed plugin process,” explains Adobe Platform Security Strategist Peleus Uhley.

“As you might expect, Flash Player’s capabilities to read and write files will be limited to only those locations it needs to function properly. The sandbox also limits Flash Player’s local connections to device resources and inter-process communication (IPC) channels. Finally, the sandbox limits Flash Player’s networking privileges to prevent unnecessary connection capabilities.”

The bottom line is that viewing Flash Player content will now be safer and more secure for Safari users on OS X Mavericks, thanks to the combined work of Adobe and Apple, who not so long ago were on opposite sides of the track when it came to Flash technology.

If it makes it more secure, then godspeed…

Adobe Flash Player updated to 11.9.900.117

Posted by:
Date: Wednesday, October 9th, 2013, 06:06
Category: News, Software

This one’s fairly substantial.

On Tuesday, Adobe released Flash Player 11.9.900.117 for Mac OS X, an 18 megabyte download via MacUpdate. The new version adds the following fixes and changes:
– Mobile Workers (concurrency) – Android: Workers APIs are now supported for Android. This will work only with swf-version 22 (namespace 3.9) or later. The feature is in development and there are a few known issues.

– Support for background execution in Direct render mode – iOS and Android: Presently AIR on iOS and Android does not support background execution when render mode direct is set. Due to this restriction, Stage3D based apps are not able to execute background tasks like audio playback, location updates, network upload/download etc. iOS does not allow OpenGLES/rendering calls in the background. Applications which attempt to make OpenGL calls in the background are terminated by the iOS. Android does not restrict applications from either making OpenGLES in the background or other background task (like audio playback). With this feature, we would be allowing AIR mobile apps to execute in background when renderMode direct is set. AIR iOS runtime will throw an error if OpenGLES calls are made in background. However no error will be thrown on Android, as Android native apps are allowed to make OpenGLES calls in background. It’s recommended to not make rendering calls while app is executing in background as its important to utilize the mobile resources judicially. List of Stage APIs which may throw the error 3768 – The Stage3D API may not be used during background execution”.

– XXHDPI (144×144) Icon Support – Android: With this feature we have added support for beautiful, high resolution icons on devices such as the Nexus 10.

– Mac OS X 10.9 Support: We have tested against the latest developer releases of OS X 10.9 and are ensuring that Flash Player continues to perform as expected.

– Mac .pkg Installation Support: Deploying Flash Player and keeping it up to date is a critical task for system administrators worldwide. We’re introducing a new .pkg installer format for our distribution partners so we can reduce their workload by allowing them to deploy Flash Player for Mac using their current tools and environments.

Adobe Flash Player 11.9.900.117 requires an Intel-based Mac running Mac OS X 10.6 or later to install and run.

If you’ve tried the new Flash Player and have any feedback to offer, please let us know in the comments.

Adobe announces security breach, says 2.9 million customer accounts, encrypted credit and debit card data stolen

Posted by:
Date: Friday, October 4th, 2013, 07:43
Category: News, security

adobelogo

You might want to check in with Adobe on this…

Per AppleInsider, Adobe on Thursday confirmed that malicious parties had compromised its networks and potentially gleaned credit card and other personal information from the accounts of nearly three million users.

The company revealed the breach in a post to its official blog. Adobe’s security team recently discovered a number of “sophisticated attacks” on its network, with some of those attacks targeting customer information and source code for several Adobe products.

In all, the attackers are believed to have stolen information on 2.9 million Adobe account holders. That data includes customer names, encrypted credit and debit card numbers, expiration dates, and other customer order information. Adobe does not believe that decrypted credit or debit card numbers were removed from the network.

Adobe has contacted federal law enforcement for help in the investigation and is resetting passwords for affected accounts in order to prevent further unauthorized access. Owners of affected Adobe ID accounts will receive an email notification from Adobe with information on how to change their passwords.

The company also recommends that account holders affected by the attack change their passwords on any website where they may have signed up with the same login credentials.

On its end, Adobe has spread news of the breach to banks that process its payments, and is coordinating with payment card companies and card-issuing institutions to help protect customers’ accounts. In addition, the company is extending a free one-year credit monitoring membership to those customers whose information was compromised.

Stay tuned for additional details as they become available.

Adobe releases Photoshop Elements 12.0

Posted by:
Date: Tuesday, September 24th, 2013, 07:37
Category: News, Software

pe23icon

You can’t knock a new version of Photoshop Elements.

On Tuesday, graphics giant Adobe announced the released of its Photoshop Elements 12 consumer image editing suite, the new version, a 1.55 gigabyte download with a 30 day demo available, adds the following features and changes:
New:
– Take your photos and videos with you wherever you go: Easily view, relive, and share your Elements photos on your smartphone and tablet. And finally–unlock the photos from your mobile device, and see them in your Elements albums back at home.

– Easily move objects: Move objects in a photo and have the background automatically filled in with Content-Aware Move.

– Pet-Eye Correction: Remove green, yellow, and other “pet eye” discolorations as easily as you remove red eye in photos of people.

– Share from Editor: Sharing options previously only available in the Organizer are now available in the Editor.

– Add your personal touch, instantly: Use a variety of one-touch Frames, Effects, and Textures to add depth to your snapshots.

Enhanced:
– Discover a friendly and intuitive environment: Organize, edit, create, and share more quickly and easily thanks to big, bold icons; a helpful Action bar; and the ability to choose from Quick, Guided, and Expert editing modes to fit your needs.

– Go from flawed to phenomenal in seconds: Get the photo fixes you’re looking for with one-step shortcuts that whiten teeth or make skies a vibrant blue. Make unwanted photo elements vanish with one stroke of the Spot Healing Brush, and use Auto Smart Tone for intelligent photo corrections.

– Fix photos the easy way: Easily straighten a photo and fill in any missing background with Content-Aware Fill for the Straighten tool. Available in Expert mode.

– Share photos: Quickly post your photos on Facebook, YouTube, Vimeo, Twitter, and more. Now, easily share your Elements photos in shared albums, and view them on your smartphone or tablet.

– Print using integrated online offerings: Order prints, cards, and photo books online to bring your creations to life. Print folded cards to your local printer. (Services vary worldwide.)

– Learn as you use: It’s fun to produce professional effects using one of more than 25 Guided Edits. New effects include Zoom Burst, which brings dramatic action to your photos; Photo Puzzle, which gives a fun puzzle effect; and Old Photo Restore, which helps you fix an old or worn photo.

– Count on step-by-step assistance: Get the results you want with Guided Edits. New options include Zoom Burst, Photo Puzzle, and Old Photo Restore.

Adobe Photoshop Elements 11 retails for US$99.99 for the full version and US$79.99 for the upgrade version and requires Mac OS X 10.7 and an Intel multi-core processor to install and run.

If you’ve tried the new Photoshop Elements and have any feedback to offer, please let us know in the comments or feedback.

Adobe releases Lightroom 5.2 update

Posted by:
Date: Tuesday, September 17th, 2013, 07:32
Category: News, Software

lightroomlogo

A helpful update’s a helpful update.

Adobe on Tuesday announced the availability of the latest version of its prosumer photo editing software, Lightroom 5.2. The new version, a 475.7 megabyte download via MacUpdate, offers the following fixes and changes:
– A color noise reduction slider in the Detail panel and a feather adjustment slider for the Spot Heal tool.

– Bug fixes, new lens profiles, and support for 16 new cameras, including the Canon EOS 70D, Fujifilm X-M1, and Sony A3000.

Lightroom 5.2 is available for both Mac and PC platforms. Mac users will need a multicore Intel processor with 64-bit support, running OS X 10.7 or later along with at least 2GB of RAM (4GB recommended) 2GB of available HDD space, and a 1024×768 resolution to install and run.

The software is available from Adobe’s website for US$79 when upgrading from an earlier version, or US$149 for new users. Those already subscribed to Adobe’s Creative Cloud service will find that the new software is included in their memberships.

If you’ve tried Lightroom 5 and have any feedback to offer, please let us know in the comments.

Adobe Reader, Acrobat Pro updated to 11.0.04

Posted by:
Date: Tuesday, September 10th, 2013, 07:41
Category: News, security, Software

You can’t knock a useful update.

On Tuesday, Adobe released version 11.0.04 of its Adobe Reader and Adobe Acrobat Pro applications. The updates, which can also be snagged through the Adobe Update Utility, add the following fixes and changes:

– This update provides system requirement enhancements, mitigation for security issues, improved overall stability, bug fixes, and feature enhancements.

Acrobat Reader 11.0.04 and Acrobat Pro 11.0.04 require an Intel-based processor and Mac OS X 10.6.8 or later to install and run.

If you’ve tried the new versions and noticed any differences, please let us know what you think.

Adobe releases Flash Player 11.8.800.146 beta

Posted by:
Date: Friday, August 16th, 2013, 09:19
Category: News, security, Software

When in doubt, there’s always the public beta to make things a bit better.

On Thursday, Adobe released Flash Player 11.8.800.115 for Mac OS X, an 18 megabyte download via MacUpdate. The new version adds the following fixes and changes:

– Includes new features as well as enhancements and bug fixes related to security, stability, performance, and device compatibility.

The Adobe Flash Player 11.8.800.146 beta requires an Intel-based Mac running Mac OS X 10.6 or later to install and run.

If you’ve tried the new Flash Player and have any feedback to offer, please let us know in the comments.

Adobe releases Lightroom 5.2 release candidate beta

Posted by:
Date: Wednesday, August 7th, 2013, 06:42
Category: News, Software

lightroomlogo

You can’t argue with a good release candidate.

Adobe on Monday announced the availability of the latest version of its prosumer photo editing software, Lightroom 5.2. The new version, a 467.2 megabyte download via MacUpdate, offers the following fixes and changes:

New features:
– A Smoothness adjustment slider has been added to the Detail Panel under Color Noise.

– Reduction. This helps to reduce low-frequency color mottling artifacts.

Refinements to the Spot Healing Tool:
– New Feather control.

– Auto find source method now works better for images with textured areas like rocks, bark, and foliage.

– Auto find source method now prefers source areas within the crop rectangle.

– Smart Preview size has been updated to 2560 pixels on the long edge.

Refinements to the Local Adjustment Brush:
– Right Click (PC) / Control-click (Mac) on a brush adjustment pin to bring up a context menu to duplicate or delete.

– Control+Alt+Drag (PC) / Command+Option+Drag (Mac) on a brush adjustment pin to clone (duplicate) that adjustment.

Bug fixes:
– Catalog containing images processed with PV2003 were adding a post-crop vignette when catalog upgraded to Lightroom 5.

– Pressing the “Reset” button while holding down the Shift key caused Lightroom to exit abruptly.

– Output Sharpening and Noise Reduction were not applied to exported images that were resized to less than 1/3 of the original image size.

– Incorrect photo was selected when trying to select a photo in segmented grid in Publish Services.

– The Esc key did not exit the slideshow after right clicking screen with mouse during slideshow playing.

– Import dialog remained blank for folders that contain PNG files with XMP sidecars.

– Metadata panel displayed incorrect information after modifying published photo. Please note that this only occurred when metadata was changed after the photo was published.

Lightroom 5.2 is available for both Mac and PC platforms. Mac users will need a multicore Intel processor with 64-bit support, running OS X 10.7 or later along with at least 2GB of RAM (4GB recommended) 2GB of available HDD space, and a 1024×768 resolution to install and run.

The software is available from Adobe’s website for US$79 when upgrading from an earlier version, or US$149 for new users. Those already subscribed to Adobe’s Creative Cloud service will find that the new software is included in their memberships.

If you’ve tried Lightroom 5 and have any feedback to offer, please let us know in the comments.

Adobe Flash Player updated to 11.8.800.115

Posted by:
Date: Friday, July 19th, 2013, 10:48
Category: News, Software

It’s hard to ignore a Flash Player update.

On Friday, Adobe released Flash Player 11.8.800.115 for Mac OS X, an 18 megabyte download via MacUpdate. The new version adds the following fixes and changes:
– Sandboxing enhancements: This feature adds enhancements to the existing sandbox feature by better addressing application launches in protected mode.

– Recursive stop on MovieClip: For Flash Player, this feature allows a game developer to effectively pause/stop a running SWF without having to iterate through all of the objects on the DisplayList.

– Datagram Socket: DatagramSocket APIs are now supported for iOS and Android also. This will work only with swf-version 21 or later.

– Server Socket: ServerSocket APIs are now supported for iOS and Android also. This will work only with swf-version 21 or later.

– LZMA SWF support: LZMA compressed swfs can now be packaged for iOS and Android targets and are supported.

– 4096×4096 texture support: With this feature, a new profile, BASELINE_EXTENDED is introduced in the class flash.display3D.Context3DProfile, which will support a
maximum texture size of 4096X4096.

– Rectangle Texture Support: Rectangle Textures are now supported in BASELINE as well as BASELINE_EXTENDED profile. T e texture formats supported for Rectangle Textures are BGRA, BGR_PACKED and BGRA_PACKED. Details for usage can be found in the language reference.

Adobe Flash Player 11.8.800.115 requires an Intel-based Mac running Mac OS X 10.6 or later to install and run.

If you’ve tried the new Flash Player and have any feedback to offer, please let us know in the comments.