synthetick / Getty Images I’ve had it happen before. Back when drives consisted of spinning, magnetic platters, that dreaded “tick” was a sure sign a hard drive was failing. Once upon a nightmare scenario, I waited too late and wound up losing everything on my drive. Sure, I could have recovered that data, but at […] More

Follow ZDNET: Add us as a preferred source More

Adobe’s first major batch of security updates in 2021 resolves seven critical bugs that can lead to code execution. 

On Tuesday, the tech giant released separate security advisories describing the vulnerabilities now resolved in seven products. The impacted software is Photoshop, Illustrator, Animate, Bridge, InCopy, Captivate, and Campaign Classic. 
The first security fix has been applied to the Photoshop image creation software on Windows and macOS machines. Tracked as CVE-2021-21006, the critical heap-based buffer overflow bug can be abused to trigger arbitrary code execution.  
Adobe Illustrator, on Windows PCs, is the subject of the firm’s second patch. The critical bug, CVE-2021-21007, is described as an uncontrolled search path element error that can also lead to code execution. 
The third critical problem, discovered in Adobe Animate on Windows machines, is the same kind of security flaw resulting in the same consequences. This vulnerability is tracked as CVE-2021-21008. 
Adobe Bridge, used to port and switch content between different forms of creative software — such as between Photoshop and Lightroom — is subject to a fix for CVE-2021-21012 and CVE-2021-21013, critical out-of-bounds write flaws leading to arbitrary code execution. 
Another uncontrolled search path element vulnerability was found in Adobe InCopy, tracked as CVE-2021-21010. This critical bug can also be weaponized for malicious code execution. 

In Adobe Campaign Classic, on Windows and Linux PCs, the company has tackled CVE-2021-21009, a critical server-side request forgery (SSRF) flaw that can be exploited for the purpose of sensitive information disclosure. 
A hotfix has also been issued for CVE-2021-21011, an uncontrolled search path element bug, deemed “important,” that was found in Windows-based versions of Adobe Captivate. If exploited, the vulnerability can lead to privilege escalation. 
It is recommended that users accept automatic updates where appropriate to update their builds and stay protected. 
Adobe thanked researchers from the nsfocus security team, Qihoo 360 CERT, Decathlon, Trend Micro’s Zero Day Initiative, and both Jamie Parfet and Saurabh Kumar for reporting the issues now resolved in the patch round. 
In December’s security update, the tech giant patched critical vulnerabilities in Adobe Lightroom, Prelude, and Experience Manager. 
Earlier this week, Adobe warned that the company has started to block Flash content worldwide in a bid to urge users to uninstall the software. 
While Flash was once a popular method to display animated content, the software is known for being riddled with security holes. As software best left as an artifact of 2000s website development, the company will no longer issue security fixes or updates. 
Previous and related coverage
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0 More

<!–> Beata Zawrzel/NurPhoto via Getty Images Your Windows 11 PC is about to get a supersize helping of new features. Exactly when those features will arrive, though, is anybody’s guess. Welcome to the latest evolution of Windows as a Service. In Windows 11, Microsoft has once again shaken up the way it adds new features […] More

The Chromium-based Vivaldi browser has removed FLoC, Google’s controversial alternative identifier to third-party cookies for tracking users across websites.FLoC, or Federated Learning of Cohorts, has just been released by Google for Chrome as its answer to improving privacy while still delivering targeted ads.But Vivaldi has called it a “dangerous step that harms user privacy”.”Google’s new data harvesting venture is nasty,” it declared in a blog post that begins with the header “FLoC off! Vivaldi does not support FLoC”.”At Vivaldi, we stand up for the privacy rights of our users. We do not approve tracking and profiling, in any disguise. We certainly would not allow our products to build up local tracking profiles.”It presents FLoC as part of a set of so-called ‘privacy’ technologies, but let’s remove the pretence here; FLoC is a privacy-invasive tracking technology.”Vivaldi is based on Chromium. But while it relies on the Chromium engine to render pages correctly, it said this is where Vivaldi’s similarities with Chrome and other Chromium-based browsers end.

It said the FLoC experiment does not work in Vivaldi as it relies on some hidden settings that are not enabled in Vivaldi.The FLoC component in Chrome needs to call Google’s servers to check if it can function since Google is only enabling it in parts of the world that are not covered by Europe’s GDPR. As the blog explained, Vivaldi does not allow such a call to be made to Google.”We will not support the FLoC API and plan to disable it, no matter how it is implemented. It does not protect privacy and it certainly is not beneficial to users, to unwittingly give away their privacy for the financial gain of Google,” it said. FLoC has been widely criticised by privacy advocates, even though it is an improvement to third-party cookies. The Electronic Frontiers Foundation (EFF) called it a “terrible idea” because now Chrome shares a summary of each user’s recent browsing activity with marketers.  As Vivaldi explained, an ad company could previously only see the aspects of a user’s personality relating to the websites where its ads were used. An ad provider that was only used for 1,000 websites might only have seen each visitor on one or two of their sites, so they could not build up much tracking data about a user.”FLoC changes this completely. Its core design involves sharing new information with advertisers,” it continued. “Now every website will get to see an ID that was generated from your behaviour on every other website.”You might visit a website that relates to a highly personal subject that may or may not use FLoC ads, and now every other site that you visit gets told your FLoC ID, which shows that you have visited that specific kind of site.”FLoC, Vivaldi said, has very serious implications for people who live in an environment where aspects of their personality are persecuted, such as their sexuality, political viewpoint, or religion. “All can become a part of your FLoC ID,” it said.”This is no longer about privacy but goes beyond. It crosses the line into personal safety.”We reject FLoC. You should too.”RELATED COVERAGE More