Science and technology news blog

A security weakness in the ubiquitous Acrobat Reader software could be a boon for cybercrooks, security experts warned on Wednesday in the US.

An error in the Web browser plug-in of Adobe Systems’ tool lets cybercrooks co-opt the address of any Web site that hosts an Adobe PDF file for use in attacks, Symantec and VeriSign iDefense said. An attacker could construct seemingly trusted links and add malicious JavaScript code that will run once the link is clicked, they said.

For example, an attacker could find a PDF file on a bank Web site and then create a hostile link to that file along with malicious JavaScript, Ken Dunham, director of the Rapid Response Team at VeriSign iDefense, said in a statement.

“This vulnerability makes it possible for cross-site-scripting (XSS) attacks to occur, to steal cookies, session information, or possibly create a XSS worm,” he said. XSS attacks put online accounts at risk of hijack and feed information-thieving phishing scams by allowing miscreants to use seemingly trusted links to point to fraudulent Web sites.

The Adobe vulnerability could spark a rise XSS attacks, Symantec said. Such attacks in the past relied on flaws in Web sites, but with the Adobe Reader bug there is now a widely used client-side application that allows cross-site-scripting attacks, it said in an alert sent to users of its DeepSight security intelligence service.

Click here for full article

Adobe Systems plans to release on Friday a beta version of Photoshop CS3, an update of the company’s photo-editing application written to run natively on Intel-based Macs.

The software will be available from Adobe Labs, Adobe said on Thursday. People need a serial number from Photoshop CS2 or other Adobe bundles, including Creative Suite 2, to access the Photoshop CS3 beta.

The final version of Photoshop CS3 is due in spring 2007, according to Adobe.

Adobe will make the beta available as a universal binary—meaning it will run on both PowerPC- and Intel-based Macs—for the Macintosh, as well as for Microsoft Windows XP and Windows Vista.

The release will include an early version of an upgrade to Adobe Bridge, an application for managing files. The beta will also include a new tool, Adobe Device Central, for creating content for mobile devices.

“We still have some surprises in store, but this beta gives customers an early chance to see the power of another great Photoshop release, optimized and tuned to run natively on the latest hardware and operating systems,” said John Loiacono, senior vice president of the Creative Solutions business unit at Adobe.

Click here for full article

Adobe Systems has opened up the source code for the scripting language of the widely used Flash Player to Mozilla Foundation, creator of the Firefox web browser. Access to the code will enable the development of faster and richer interactive Web 2.0 style of applications that will work well with Firefox.

The source code, called ActionScript Virtual machine, is based on the ECMAScript programming standard, which is also used by Microsoft’s JScript and similar to Sun’s JavaScript.

Click here for full article