Adobe issues emergency Flash Player Fix

Adobe has released an emergency software patch for its Flash system after it found a serious vulnerability that was being exploited by hackers.

The company has stated that it has had evidence of “limited, targeted attacks” and urged users to update their software straight away.

Affecting Microsoft, Macintosh and Linux Adobeplatforms, the company’s security bulletin stated that the “updates address a critical vulnerability (CVE-2015-3113) that could potentially allow an attacker to take control of the affected system.”

While Adobe acknowledges that the hackers have commonly taken advantage of the vulnerability with systems running Internet Explorer for Windows 7 and Firefox on Windows XP, the exploit can affect all users and they are urged to update the software as a soon as possible.

The latest version is 18.0.0.194 and users can check if their software is up to date by visiting the Adobe website.

Mark James, a security specialist from ESET told the BBC: “Since Flash is such a widely used plug-in, it stands to reason that it will be one of the most targeted apps for vulnerability. If you want to affect as many people as possible, then you need an application that a lot of users use, and Flash is one of them.”

Google Chromium: eavesdropping tool installed without permission

Privacy campaigners claim that the ‘always listening’ component was activated within Chromium, meaning that private conversations held around a computer may have been monitored.

ChromiumThe feature was designed to support the company’s new “OK, Google” feature, that enables the computer to respond when it is spoken to but has since been installed and activated without permission.

The Chromium browser, which is the open source basis for Google’s Chrome browser began remotely installing the audio listening code, where the issue was first spotted by open source developers.

Rick Falvinge, the Pirate party founder published a blog identifying the issue, where he stated: “Without consent, Google’s code had downloaded a black box of code that – according to itself – had turned on the microphone and was actively listening to your room.”

He continued “Obviously, your own computer isn’t the one to [analyse] the actual search command. Google’s servers do. Which means that your computer had been stealth configured to send what was being said in your room to somebody else, to a private company in another country, without your consent or knowledge, an audio transmission triggered by… an unknown and unverifiable set of conditions.”

A Google developer responded to comments on the company’s developer board, stating: “Starting and stopping the hotword module is controlled by some open source code in Chromium itself, so while you cannot see the code inside the module, you can trust that it is not actually going to run unless you opt in.”

They also continued to say that “the key here is that Chromium is not a Google product. We do not directly distribute it, or make any guarantees with respect to compliance with various open source policies,”

Investigations into the issue are still on-going.

Government broke data privacy rules

The British intelligence agency GCHQ (Government Communications Headquarters) did not follow the correct data privacy procedures when gathering information.

The action was brought forward by a variety of non-government organisations (NGOs), including Amnesty and Privacy International, who accused the intelligence agencies of intercepting their communications.

data privacyIn most cases, the following tribunal found that if any data was viewed, the communications had been lawfully intercepted. However, in the case of the ‘Egyptian Initiative for Personal Rights’ (EIPR) data was acquired legally, but had been stored for a longer period of time than it should have. The tribunal also stated that there had not been any material damage to the organisation, therefore no compensation had to be paid. The Tribunal ruled that GCHQ had to confirm that within 14 days the relevant information had been deleted.

A government spokesman said: “We welcome the IPT’s confirmation that any interception by GCHQ in these cases was undertaken lawfully and proportionately, and that where breaches of policies occurred they were not sufficiently serious to warrant any compensation to be paid to the bodies involved.”

He added: “GCHQ takes procedure very seriously. It is working to rectify the technical errors identified by this case and constantly reviews its processes to identify and make improvements.”

1 86 87 88 89 90 146