Last week Google announced that they will no longer be accepting ads that feature Flash. This new should really come as no surprise as Flash (and its spirit brother Java) have taken a beating on the security front for years. Abobe and Oracle have been unable to keep the bad guys from running rampant with their code. Of course the change will not take place overnight so everyone has the chance to swap out that old and insecure Flash for the new and (insecure) HTML5.
After three spate 0-day vulnerabilities are found in your product you can pretty much expect the market to call for you go away. This is the situation that Adobe is in right now. After fighting to their little slice of dominance in the computing industry Adobe’s Flash is arguably one of the most commonly used APIs to rendering rich content. This has made them a rather large target for a number of years… well this and the fact that the Flash development team has made some rather poor choices when it comes to their application.
Although it will not come as a surprise, there seems to be yet another bug in Adobe’s flash player that allows for an attacker to potentially take control of a system by forcing a crash of the application. According to TrendMicro, CVE 2015-5123 is a critical bug in the latest version of Flash player for Linux, Windows, and OSX operating systems. Adobe has already released a customer advisory stating they are already aware of this flaw being exploited in the wild.
Recently Adobe had a security breach where they claimed that roughly 3 million user accounts were affected. At the time they said that some accounts even had encrypted credit/debit card information stolen. When the announcement came out Adobe sent out a mass e-mail informing the people affected that their accounts were compromised. The breach was a blow to Adobe’s Creative Cloud service which moves their software from a onetime purchase to a monthly subscription.
On October 4th Adobe was forced to send out almost three million emails with the unfortunate news that their network had been attacked, breached and data stolen. The data from that theft included account IDs as well as encrypted passwords and credit/debit card information and even source code for Adobe products. The attack happened not all that long after Adobe pushed their users to a subscription based license for their products. Once a large number of people had joined the Creative Cloud service Adobe was an even more attractive target and due to their history or ignoring security the attackers were able to get in and grab what they wanted.
The threat of a data breach is one that every company faces and it is also an eventuality that they all know can happen at any time. The number of daily attempt to penetrate corporate security is staggering as is the number of successful attack where at least some data is taken. It is for this reason that we still a confused when companies want to move to a cloud based or subscription style software agreement. Once all of that billing information is stored in a single spot (even multiple data centers) it becomes a very big target. Adobe has found that out the hard way as they are now reporting a breach that lost the information for approximately 2.9 Million users and source code for Cold Fusion and Acrobat.
Adobe Systems has announced that they will pay $600 million to acquire company Neolane, which develops software platform for the management of digital marketing campaigns across multiple platforms.
Adobe is jumping on the revenue stream bandwagon and has announced that they will no longer release boxed versions of their creative suite products. Instead they are pulling everything back into their Creative Cloud and forcing users into a subscription service. In other words they are joining Microsoft and a few others in the attempt to make your software turn into a recurring charge instead of a one-time purchase. This new business model seems to be catching on with many larger software developers and we do expect it extend down into game developers in the next few years.
Photoshop is now available to users of mobile phones with Android or iOS operating systems. The new application name is Photoshop Touch, in relation to the version for tablet devices; the interface is changed, while the functionality remains pretty much the same.
If you believe the predictions of Philip Willis and John Patterson from the University of Bath in England, the age of pixels, at least in video compression algorithms, is coming to an end. Although the basic unit of raster images that the video consists of are still pixels, it has been known for a long time that there are limitations that arise from them. For example, scaling to different, especially higher resolution, makes image quality turn to crap and increases perceptual artifacts with no gain in quality of information.