Tech Friday


  • 43 critical flaws fixed in Abode Acrobat and Reader:
  • Adobe issued patches for 43 critical vulnerabilities including a zero-day bug that could enable hackers to steal victims’ hashed passwords
  • The updates released this past Tuesday are part of Adobe’s regularly-scheduled security patches
  • Adobe Reader is the most common software used to view PDF files
  • A total of 75 important and critical vulnerabilities in a variety of Adobe products were corrected in this release
  • Adobe indicated that none of these vulnerabilities are currently being exploited
  • You should install the patches as soon as possible
  • Your Android phone can be hacked by opening a specially crafted PNG image:
  • Portable Network Graphic (PNG) is very common format for image files
  • Google's February security update for Android reported a critical vulnerability that can be triggered by a malicious PNG file delivered to a victim's device
  • When a victim opens the file, a remote attacker can execute arbitrary code with elevated privileges
  • Android versions 7.0 to 9.0 are affected
  • As of this writing, there are no reports of the vulnerability being exploited in the wild
  • Google has fixed the issue, but the patch is only for their Pixel smartphone, the Pixel C tablet, and the Essential Phone
  • Other Android users will have to wait for a patch from their device vendor
  • Until you get a patch, you should be very careful opening images
  • You should accept incoming updates to your Android phone as soon as possible
  • Discarded smart devices may reveal your passwords and other sensitive information:
  • Many Internet of Things (IoT) devices have been shown to have significant security flaws
  • Limited Results recently discovered that Lifx light bulbs are storing your Wi-Fi password in cleartext, which means that when you throw it away, a dumpster diver could get your password
  • Even worse, these bulbs also store their private encryption key and and root passwords in the cleartext
  • Additionally, there are no security measures to prevent reloading the onboard ROM with exploits
  • This is yet another example of the risks of adding IoT devices to your network
  • You should think twice and carefully vet any IoT devices you plan to add to your network