Adobe Acrobat and Reader under attack with a zero-day exploit

Adobe LogoAdobe identified a critical vulnerability in Adobe Acrobat and Reader on Tuesday, but said today that attackers were already exploiting this bug. All versions of Acrobat and Reader 8 and 9 for Windows, Macintosh, and Unix are open to attack. Even the latest versions, 8.2.4 and 9.3.4 are not safe. Other PDF reading alternatives, such as Foxit Reader, are not affected.

Masquerading as a harmless PDF file, this exploit has malformed font and image files. Spreading as an e-mail attachment to innocent-sounding emails, the PDF saves and runs an executable file to disk when it’s opened. A variation of the email offers tips on ways to improve your golf game. Security firm Trend Micro spotted a variation with a Trojan, TROJ_PIDIEF.WM, that downloaded two other Trojans called TROJ_DLOADR.WM and TROJ_CHIFRAX.BU.

This vulnerability bypasses Windows 7’s vaunted security measures. The executable file that gets saved carries a valid digital signature, so Windows 7 allows the operation. Because a valid signature pretty much tells Windows 7 that it’s a safe file, this executable is free to download more malicious code from a server at academyhouse.us. According to Kaspersky Lab, the file appears to be form Vantage Credit Union in St. Louis. It also piggybacks on loopholes created by applications that haven’t included Windows 7’s ASLR security technology in their own code.

Adobe “is in the process of evaluating the schedule for an update to resolve this vulnerability,” and hasn’t announced any fixes or patches. The regularly scheduled patch date is Oct. 13, but an emergency patch is not out of the question.

There are reports that turning off JavaScript in Adobe Reader stops the PDF file from executing. This is only a temporary measure, as attackers can tweak the exploit to issue variations that are immune to disabling JavaScript.

Computing

These are the worst passwords of 2018. Is yours on this list?

Do you use a bad password that makes your online accounts easy to break into? SplashData has compiled a list of the top 100 worst passwords for 2018 and there are quite a few listings that were carryovers from prior lists.
Computing

Windows Update not working after October 2018 patch? Here’s how to fix it

Windows update not working? It's a more common problem than you might think. Fortunately, there are a few steps you can take to troubleshoot it and in this guide we'll break them down for you step by step.
Computing

If you've lost a software key, these handy tools can find it for you

Missing product keys getting you down? We've chosen some of the best software license and product key finders in existence, so you can locate and document your precious keys on your Windows or MacOS machine.
Computing

Edit, sign, append, and save with six of the best PDF editors

There are plenty of PDF editors to be had online, and though the selection is robust, finding a solid solution with the tools you need can be tough. Here, we've rounded up best PDF editors, so you can edit no matter your budget or OS.
Computing

Why limit yourself to one OS? Try one of these great virtual machine apps

Buying a new computer just because you want to utilize another operating system isn't necessary. Just use the best virtual machine applications to emulate one OS inside another, no matter what your platform or budget is.
Computing

Go hands-free in Windows 10 with speech-to-text support

Looking for the dictation, speech-to-text, and voice control options in Windows 10? Here's how to set up Speech Recognition in Windows 10 and use it to go hands-free in a variety of different tasks and applications within Windows.
Computing

Microsoft could split up search and Cortana in the next Windows 10 release

In the latest Insider preview build, Microsoft is exploring ways to split up Cortana and search on Windows 10. If Microsoft moves ahead with this change, we could see separate search and Cortana options in the Spring 2019 Update.
Computing

Mining cryptocurrency for Razer Silver isn’t worth your computing power

Gaming peripheral maker Razer launched a cryptocurrency mining scheme called SoftMiner. You use its software to mine and in return, you get Razer Silver which you can use to buy Razer gear.
Computing

Microsoft’s latest patent paves the way for Andromeda dual-screen mobile device

The latest patent discovery from Microsoft showcases a new hinge design for quickly opening a dual-screen mobile device with a single hand. Could this be additional proof surrounding the rumors of the company's Project Andromeda device?
Computing

Heal your wrist aches and pains with one of these top ergonomic mice

If you have a growing ache in your wrist, it might be worth considering changing up your mouse for something ergonomic. But which is the best ergonomic mouse for you? One of these could be the ticket to the right purchase for you.
Computing

Nvidia’s Jetson AGX Xavier module is designed to give robots better brains

Nvidia's pricey Jetson AGX Xavier might help drive the next generation of smart robots. Nvidia hopes that developers will use its new Xavier module to power AI-driven machines like delivery drones and robots used in manufacturing.
Computing

These Windows 10 keyboard shortcuts will update your OG Windows skills

Windows 10 has many new features, and they come flanked with useful new keyboard shortcuts. Check out some of the new Windows 10 keyboard shortcuts to improve your user experience and save more time!
Computing

Leaked AMD Ryzen 3000 mobile benchmarks look fit for thin, low-power laptops

AMD is poised to give Intel a run for its money in the ultra-low-power processor space for laptops. Leaked benchmarks for the Ryzen 3000 APU series show the AMD processor besting Intel's Core i7 Y series in multicore performance.
Mobile

Apple is spending $1 billion to hire up to 15,000 new employees in Austin

Apple has announced a series of expansions across the U.S. -- including a massive expansion to the company's Austin campus that will see it spending $1 billion to accommodate for up to 15,000 new employees.