Merely a day after rolling out Vulnerability-related.PatchVulnerability the December 2018 security patch early , Samsung has now revealed Vulnerability-related.PatchVulnerability the details of the latest security maintenance release . The Galaxy Xcover 4 is the first smartphone to get Vulnerability-related.PatchVulnerability this update . Samsung will be releasing Vulnerability-related.PatchVulnerability the patch for more compatible devices in the coming weeks . It has detailed the contents of this patch as part of its monthly security maintenance release process . The update includes patches from Google for Android in addition to patches from Samsung for its custom software . The December 2018 security patch has fixes for six critical vulnerabilities discovered Vulnerability-related.DiscoverVulnerability in the Android operating system . The most severe vulnerability in the framework section could enable a malicious app to run unapproved code in the context of a privileged process . However , no moderate or low-risk vulnerabilities were required to be patched Vulnerability-related.PatchVulnerability in this latest security maintenance release . The update Vulnerability-related.PatchVulnerability does bring Vulnerability-related.PatchVulnerability quite a patches for 40 Samsung Vulnerabilities and Exposures ( SVE ) items . This includes a vulnerability in the Secure Folder app which could have allowed access without authentication . Another vulnerability in the app could have resulted in the exposure of the gallery app without authentication . Therefore , Samsung will now get down to the business of rolling out Vulnerability-related.PatchVulnerability the December 2018 security patch to supported devices . We should expect some handsets to start receiving it within the next few days . The company may start rolling it out to high-end devices first .

Adobe has released Vulnerability-related.PatchVulnerability updates fixing Vulnerability-related.PatchVulnerability a long list of security vulnerabilities discovered Vulnerability-related.DiscoverVulnerability in the Mac and Windows versions of Acrobat and Reader . In total , the first October update brings 85 CVEs , including 47 rated as ‘ critical ’ with the remaining 39 classified as ‘ important ’ . It ’ s too early to get much detail on the flaws but those rated critical break down as 46 allowing code execution and one allowing privilege escalation . The majority of the flaws rated important involve out-of-bounds read issues leading to information disclosure . As far as Adobe is aware , none are being actively exploited . The update you should download depends on which version you have installed : For most Windows or Mac users it ’ ll be either Acrobat DC ( the paid version ) or Acrobat Reader DC ( free ) so look for update version 2019.008.20071 . For anyone on the classic Acrobat 2017 or Acrobat Reader DC 2017 , it ’ s version 2017.011.30105 . Those on the even more classic Acrobat DC ( 2015 ) or Acrobat Reader DC ( 2015 ) it ’ s version 2015.006.30456 . Anyone who still has the old Acrobat XI or Reader XI on their computer , the last version was 11.0.23 when support for this ended a year ago . A sign of success ? There was a time when having to patch Vulnerability-related.PatchVulnerability so many flaws in a small suite of products from one company would have been seen as a failure . Arguably , these days , it ’ s a sign of success – researchers are devoting the time to finding Vulnerability-related.DiscoverVulnerability vulnerabilities before the bad guys do and Adobe is turning around fixes . What ’ s surprising is that despite crediting every one of them ( and it ’ s quite a list ) , the company doesn ’ t seem to have a formal bug bounty reward program other than the separate web applications program run via third party company , HackerOne . If Adobe ’ s 85 vulnerabilities sounds excessive , have some sympathy for users of the rival Foxit PDF Reader and Foxit PhantomPDF programs . Foxit last week released what appears to be Vulnerability-related.DiscoverVulnerability 116 vulnerabilities of their own ( confusingly , many of which are not yet labelled with CVEs Vulnerability-related.DiscoverVulnerability ) . For some reason , the number of flaws being found Vulnerability-related.DiscoverVulnerability in Foxit ’ s programs has surged this year , reaching 183 before this September ’ s count , compared to 76 for the whole of 2017 . As for Adobe , these updates are unlikely to be the last we hear of the company this month – expect the usual flaws to be patched Vulnerability-related.PatchVulnerability in Adobe ’ s legacy Flash plug-in when Microsoft releases Vulnerability-related.PatchVulnerability its Windows Patch Tuesday on 9 October .

A security flaw affecting Vulnerability-related.DiscoverVulnerability LibreOffice and Apache OpenOffice has been fixed Vulnerability-related.PatchVulnerability in one of the two open-source office suites . The other still appears to be vulnerable Vulnerability-related.DiscoverVulnerability . Before attempting to guess which app has yet to be patched Vulnerability-related.PatchVulnerability , consider that Apache OpenOffice for years has struggled attract more contributors . And though the number of people adding code to the project has grown since last we checked , the project missed its recent January report to the Apache Foundation . The upshot is : security holes are n't being patched Vulnerability-related.PatchVulnerability , it seems . The issue , identified Vulnerability-related.DiscoverVulnerability by security researcher Alex Inführ , is that there 's a way to achieve remote code execution by triggering an event embedded in an ODT ( OpenDocument Text ) file . In a blog post on Friday , Inführ explains Vulnerability-related.DiscoverVulnerability how he found Vulnerability-related.DiscoverVulnerability a way to abuse the OpenDocument scripting framework by adding an onmouseover event to a link in an ODT file . The event , which fires when a user 's mouse pointer moves over the link , can traverse local directories and execute a local Python script . After trying various approaches to exploit the vulnerability , Inführ found Vulnerability-related.DiscoverVulnerability that he could rig the event to call a specific function within a Python file included with the Python interpreter that ships with LibreOffice . `` For the solution I looked into the Python parsing code a little more in depth and discovered that it is not only possible to specify the function you want to call inside a python script , but it is possible to pass parameters as well , '' he said . The exploit was tested on Windows , and should work on Linux , too . Inführ says Vulnerability-related.DiscoverVulnerability he reported Vulnerability-related.DiscoverVulnerability the bug on October 18 and it was fixed Vulnerability-related.PatchVulnerability in LibreOffice by the end of the month . RedHat assigned Vulnerability-related.DiscoverVulnerability it CVE-2018-16858 in mid-November and gave Inführ a disclosure Vulnerability-related.DiscoverVulnerability date of January 31 , 2019 . When he published Vulnerability-related.DiscoverVulnerability on February 1 , in conjunction with the LibreOffice fix notification , OpenOffice still had not been patched Vulnerability-related.PatchVulnerability . Inführ says Vulnerability-related.DiscoverVulnerability he reconfirmed Vulnerability-related.DiscoverVulnerability that he could go ahead with disclosure Vulnerability-related.DiscoverVulnerability even though OpenOffice 4.16 has yet to be fixed Vulnerability-related.PatchVulnerability . His proof-of-concept exploit does n't work with OpenOffice out-of-the-box because the software does n't allow parameters to be passed in the same way as the unpatched version of LibreOffice did . However , he says Vulnerability-related.DiscoverVulnerability that the path traversal issue can still be abused to execute a local Python file and cause further mischief and damage . We 're imagining specifically targeted netizens being tricked Attack.Phishing into opening a ZIP file , unpacking an ODT and Python script , and then the ODT document attempting to execute the Python script when the victim rolls their mouse over a link , for instance . The Register tried to reach two OpenOffice contributors to find out what 's going on . We 've not heard back . According to Inführ , OpenOffice users can mitigate the risk by removing or renaming the pythonscript.py file in the installation folder .

Networked printers for years have left gaping holes in home and office network security . Today , experts continue to find Vulnerability-related.DiscoverVulnerability flaws in popular laser printers , which are putting businesses at risk . Experts at the University Alliance Ruhr recently announced Vulnerability-related.DiscoverVulnerability vulnerabilities in laser printers from manufacturers including Dell , HP , Lexmark , Samsung , Brother , and Konica . The flaws could permit print docs to be captured , allow buffer overflow exploits , disclose passwords , or cause printer damage . Up to 60,000 currently deployed printers could be vulnerable Vulnerability-related.DiscoverVulnerability , they estimate . When unprotected , printers expose users to several types of attacks , says Jeremiah Grossman , chief of security strategy at SentinelOne . Hackers can use vulnerabilities to capture old printer logs , which may contain sensitive information . They may also use these flaws to establish their foothold in a networked device and move laterally throughout the organization to gather data . Some attackers want to wreak havoc outside a single business . With networked printers under their control , a cybercriminal may use one company 's bandwidth to perform DDoS attacks on other organizations and individuals around the world . These examples are among the many types of damage that will continue to threaten security as part of the growing Internet of Things , Grossman predicts . `` Most of the time , printers are not going to be terribly different from any IoT device , '' he explains . Hackers who find Vulnerability-related.DiscoverVulnerability vulnerabilities in the web interface can take over , as they could for any device connected to the network . The difference , of course , is printers have been around far longer than most IoT products . This presents a market failure that will be difficult to correct because patches wo n't be made available Vulnerability-related.PatchVulnerability . Even when they are , devices wo n't be patched Vulnerability-related.PatchVulnerability often . Right now the easiest vectors include web hacking and email attacks , but they will move to IoT as computers and operating systems get more secure . Printers are low-hanging fruit , he says , and easier to target . He also recommends isolating printers on local networks , separate from PCs , and disabling out-of-network communication so even if they 're hacked , printers ca n't interact with adversaries outside the organization . Wingate suggests adopting the same baseline security practices businesses employ for computers ; for example , periodically update passwords so sensitive content is n't left in the open for people to steal . He also recommends intrusion detection , another practice people use for their PCs but do n't frequently employ on printers .