DTP


 
Lively discussions on the graphic arts and publishing — in print or on the web


Go Back   Desktop Publishing Forum > General Discussions > Software

Reply
 
Thread Tools Display Modes
Old 07-16-2007, 07:51 PM   #1
Andrew B.
Staff
 
Andrew B.'s Avatar
 
Join Date: Jan 2005
Location: Los Angeles, California
Posts: 3,532
Default Adobe Security Updates

There are some pretty important security updates. For example, this month there is a security update for Photoshop CS3 and CS2 running on Mac and Windows. Also, Flash Player 9.0.45.0 and earlier, 8.0.34.0 and earlier, and 7.0.69.0 and earlier on Windows and Mac.

http://www.adobe.com/support/security/index.html
Andrew B. is online now   Reply With Quote
Old 07-17-2007, 11:38 AM   #2
Steve Rindsberg
Staff
 
Join Date: Nov 2004
Posts: 6,742
Default

Thanks for that, Andrew.

I may just tell Opera to tell Flash to buzz off and be done with it.

   
__________________
Steve Rindsberg
====================
www.pptfaq.com
www.pptools.com
and stuff
Steve Rindsberg is offline   Reply With Quote
Old 07-17-2007, 11:19 PM   #3
Andrew B.
Staff
 
Andrew B.'s Avatar
 
Join Date: Jan 2005
Location: Los Angeles, California
Posts: 3,532
Default

I never would have guessed that a PNG opened in Photoshop (and only Photoshop) can compromise a computer.
Andrew B. is online now   Reply With Quote
Old 07-18-2007, 08:16 AM   #4
Steve Rindsberg
Staff
 
Join Date: Nov 2004
Posts: 6,742
Default

That's the problem with buffer overrun vulnerabilities (assuming that's what the PshopPNG problem is). You'd think it's just some innocent data, but let it land someplace where it doesnt' belong and oopsie, it's code.

   
__________________
Steve Rindsberg
====================
www.pptfaq.com
www.pptools.com
and stuff
Steve Rindsberg is offline   Reply With Quote
Old 07-18-2007, 10:09 AM   #5
Cristen Gillespie
Member
 
Join Date: Jan 2005
Posts: 814
Default

Quote:
Originally Posted by Steve Rindsberg View Post
That's the problem with buffer overrun vulnerabilities (assuming that's what the PshopPNG problem is). You'd think it's just some innocent data, but let it land someplace where it doesnt' belong and oopsie, it's code.
Having us fear our image files, jpg, bmp, png etc., has me thinking it's like fearing our drinks and shampoos on airplanes. Our apps should start color coding menu bars -- "alert level Orange," or "you can relax yellow."

   
__________________
Cristen
Cristen Gillespie is offline   Reply With Quote
Old 07-18-2007, 01:54 PM   #6
Steve Rindsberg
Staff
 
Join Date: Nov 2004
Posts: 6,742
Default

Quote:
Originally Posted by Cristen Gillespie View Post
Having us fear our image files, jpg, bmp, png etc., has me thinking it's like fearing our drinks and shampoos on airplanes. Our apps should start color coding menu bars -- "alert level Orange," or "you can relax yellow."
Ah. You haven't tried Vista yet, eh?

It does pretty much that, though I'm not sure Ye Average User has a clue what the different colors mean. Or notices that the natters come in colors.

This one still fractures me.
http://www.youtube.com/watch?v=FxOIebkmrqs

Or at least I think it's this one. With Flash disabled, I can't see moviesquat. <g>

   
__________________
Steve Rindsberg
====================
www.pptfaq.com
www.pptools.com
and stuff
Steve Rindsberg is offline   Reply With Quote
Old 07-20-2007, 07:42 PM   #7
Cristen Gillespie
Member
 
Join Date: Jan 2005
Posts: 814
Default

Quote:
Steve: Ah. You haven't tried Vista yet, eh?
No. I've got it. Don't yet have a computer that will run it, but I bought XP so late, I got Vista for shipping. Mind, I don't have a computer to put XP on either.<ggg>

Quote:
Steve: I'm not sure Ye Average User has a clue what the different colors mean. Or notices that the natters come in colors.
Have you memorized the nation's alert level colors? I think there are two -- orange and yellow. They say there are five, don't they? <BG>

Quote:
Steve: Or at least I think it's this one. With Flash disabled, I can't see moviesquat. <g>
ROFL. Know what you mean. Even when I enable it, I have problems. With dialup I have to be really sick of working on the computer to watch anything on youtube. I remember this one. It was one of my favorites, too.

   
__________________
Cristen
Cristen Gillespie is offline   Reply With Quote
Old 07-21-2007, 08:32 PM   #8
curveto
Member
 
curveto's Avatar
 
Join Date: Feb 2005
Location: some room with white padded walls ... now surrounded by Saguaro Cacti
Posts: 352
Arrow

Quote:
Originally Posted by Andrew B. View Post
I never would have guessed that a PNG opened in Photoshop (and only Photoshop) can compromise a computer.
Any data that is blindly read (typically but not necessarily from an unverifiable source) can. ...and in any process or kernel extension (driver). Someone just found this particular instance.

Unfortunately, the rapid pace of development combined with use of languages/tools who's default behavior is to allow blind writes to memory (C, C++ and many others) leads sloppy development teams to create thousands upon thousands of vulnerabilities in essentially every application on your system (let alone the system itself). That said, given the current system landscape (Windows XP, OS X, Linux) a compromised application can generally only do what your user can do. If the user is prohibited from administrative activities (and the application has been installed to run with those credentials ... the Task Manager will tell you) the application will be too.

You can limit your exposure to buffer overruns on Windows running newer hardware by doing the following:

1) Right-click on My Computer;
2) Select Properties;
3) Select the Advanced tab;
4) In the Performance frame click the Settings button;
5) In Performance Options (window) select the Data Execution Prevention tab;
6) Enable DEP (some motherboards/systems don't support this feature, btw)

Then...

If, you find that enabling DEP leads to any process (application) crash you have encountered a buffer overrun. If you can repeat the condition and cause/stop it from occurring via enabling/disabling DEP call the vendor and provide them the steps you've found that recreate the condition. There software has a DEFECT in it. If you called me (an developer) and gave me this type of information I would have no case to deny that you have found a defect (because you have and any engineer worthy of the title will know it).

JR
curveto is offline   Reply With Quote
Old 07-22-2007, 03:08 AM   #9
iamback
Member
 
iamback's Avatar
 
Join Date: Oct 2005
Location: Amsterdam, NL
Posts: 4,894
Default

Quote:
Originally Posted by curveto View Post
You can limit your exposure to buffer overruns on Windows running newer hardware by doing the following:
Which windows? Not on mine (Win2K). XP? Vista?

   
__________________
Marjolein Katsma
Look through my eyes on Cultural Surfaces (soon!), My ArtFlakes shop and Flickr.
Occasionally I am also connecting online dots... and sometimes you can follow me on Marjolein's Travel Blog
iamback is offline   Reply With Quote
Old 07-22-2007, 07:35 AM   #10
Steve Rindsberg
Staff
 
Join Date: Nov 2004
Posts: 6,742
Default

Quote:
Originally Posted by iamback View Post
Which windows? Not on mine (Win2K). XP? Vista?
The feature's available in XP. Not sure of Vista.

   
__________________
Steve Rindsberg
====================
www.pptfaq.com
www.pptools.com
and stuff
Steve Rindsberg is offline   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Adobe security bulletin ktinkel General Publishing Topics 5 12-09-2006 11:53 AM
Mac MS Office 2004 security updates ktinkel General Publishing Topics 0 10-11-2006 11:19 AM
Photoshop CS2, Camera Raw Updates terrie Images 0 05-16-2006 03:24 PM
Em Software updates ktinkel Print Production & Automation 0 12-19-2005 10:05 AM
Security flaw problem in Adobe CS1 & more terrie Images 0 06-14-2005 01:10 PM


All times are GMT -8. The time now is 09:31 AM.


Powered by vBulletin® Version 3.8.9
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Contents copyright 2004–2014 Desktop Publishing Forum and its members.