Written By
Unknown
on
Sunday, 17 March 2013
|
06:41
Curso Adobe After Effects (Photo credit: ceslava.com)
Adobe® After Effects® CS6 software lets you deliver cinematic visual effects and motion graphics faster than ever before with new Global Performance Cache. Extend your creativity with built-in text and shape extrusion, new mask feathering options, and the fast, easy-to-use 3D Camera Tracker.
Create visual effects faster in Adobe® After Effects® CS6 software with Global Performance Cache, which optimizes and keeps your previews so you can beat deadlines instead of waiting for frame updates. Boost your creativity with a new 3D engine for text and shape extrusions, a 3D camera tracker, and variable-width mask feathering.
Written By
Unknown
on
Friday, 8 March 2013
|
09:33
Day two of the Pwn2Own competition at CanSecWest was again successful for French Vupen security, as they succeeded in exploiting Adobe Flash on Internet Explorer 9 on Windows 7 by chaining together three zero-days (an overflow, a ASLR bypass technique and a IE9 sandbox memory corruption) and earning themselves another $70,000.
George Hotz exploited Adobe Reader XI (also on IE 9 on Win7), and Ben Murphy - the last contestant to target Java - has also managed to earn a prize even though he wasn't there, because James Forshaw, a winner from the previous day, agreed to serve as proxy and demonstrate the attack.
All in all, ZDI has awarded over half a million dollars in cash prizes and, of course, the compromised laptops and ZDI reward points.
The Google financed Pwnium hacking contest - also held at CanSecWest - this year requires contestants to "break" Chrome OS but has so far not witnessed a successful exploitation.
In the meantime, Mozilla has already fixed the use-after-free zero-day flaw exploited yesterday by Vupen Security, and Google has issued a Chrome update that fixes the flaws discovered by the MWR Labs team.
Written By
Unknown
on
Friday, 23 September 2011
|
13:08
Adobe on Wednesday patched six vulnerabilities in Flash Player, including one it admitted is already being exploited by attackers.
That vulnerability, identified as CVE-2011-2444, shares some traits with an earlier Flash flaw that was used to target Gmail accounts in June.
Adobe labeled CVE-2011-2444 as a cross-site scripting (XSS) vulnerability, a class of bugs often used by identity thieves to steal usernames and passwords from vulnerable browsers. In this case, browsers were not directly targeted; rather, attackers exploited the ubiquitous Flash Player browser plug-in.
Like the June Flash bug, CVE-2011-2444 was reported to Adobe by Google's security team.
Adobe also used almost identical phrasing to describe both CVE-2011-2444 and the June vulnerability in its security advisories.
"There are reports that this vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message," said Adobe in Wednesday's advisory as well as the one it published in June. "This universal cross-site scripting issue could be used to take actions on a user's behalf on any website or webmail provider, if the user visits a malicious website."
Adobe declined to comment on how the CVE-2011-2444 vulnerability was being exploited and instead referred questions to Google. The latter did not immediately reply to an emailed query.
Four of the five other Flash bugs that Adobe patched today could be exploited by attackers to run their malicious code on victimized computers, Adobe said in its advisory.
Wednesday's Flash update was the first since Adobe patched 13 bugs on Aug. 9. Adobe has fixed Flash eight times so far this year, including several emergency, or "out-of-band," updates rushed to users because attacks were under way.
The patched versions of Flash Player for Windows, Mac, Linux and Solaris can be downloaded from Adobe's Web site. Alternately, users can run Flash's update tool or wait for the software to prompt them that a new version is available.
Android users must browse to the Android Market to update Flash.
Google silently updated its Chrome browser on Tuesday to include the patched version of Flash Player. Google has been including Flash with Chrome since April 2010, and remains the only browser maker to bundle the plug-in with its own releases.
Written By
Unknown
on
Wednesday, 21 September 2011
|
08:43
Adobe has announced the next version of its Flash Player, repositioning its media platform for a mobile world where it is being increasingly shunned.
The company today unveiled the Flash Player 11 and the Flash-based runtime AIR 3, with a heavy emphasis on 3D gaming both in the features and in a roll-call of customers endorsing the duo.
Flash Player 11 and AIR 3 are scheduled for release in early October. Adobe didn't give the date, but you should expect release at Adobe's annual Max conference, between 1 and 5 October.
Both support full hardware acceleration for 2D and 3D graphics, which Adobe claims provides rendering performance 1,000 times faster than Flash Player 10 and AIR 2.
There's also something called Stage3D from Adobe's Labs, built to provide more detailed graphics. Stage3D renders "hundreds of thousands" of z-buffered triangles at 60Hz compared to thousands of non z-buffered triangles at 30Hz in earlier versions of Flash.
H.264 hardware decoding is now available for AIR applications on Apple's iOS, while Flash now works with 64-bit on Windows, Mac and Linux and in the browser.
Installation has been simplified: developers can now automatically package AIR runtimes for Android, Windows, and Apple's OS and iOS so the user doesn't have to download.
The news comes gift-wrapped in endorsements from Zynga, EA Interactive, Ubisoft and Pro 3 Games, among others.
Adobe calls Flash Player 11 and AIR 3 "the game console for the Web"; the emphasis on fine-grained rendering, hardware acceleration and H.264 is deliberate.
Gaming looks like it has become one of the niches that Adobe has bet on for the future survival of its software in a world where – at least when it comes to mobile computing – the days of defaulting to Flash for graphics or media content are coming to an end.
Windows 8 has become the latest tablet operating system to block Flash, through Microsoft's Metro UI. A version of Flash for Windows Phone, meanwhile, is still missing. The problem is Microsoft's browser, Internet Explorer, the PC version of which is now being built for the phone and tablet.
You can blame Apple's Steve Jobs, who started things by blocking Flash from the iPhone and then the iPad and then began championing HTML5, Cascading Style Sheets (CSS) and Javascript as the future of online programming. Sounding a lot like Jobs, Microsoft's IE chief Dean Hachamovitch blogged on the Metro UI news:
Running Metro style IE plug-in free improves battery life as well as security, reliability, and privacy for consumers. Plug-ins were important early on in the web's history.
But the web has come a long way since then with HTML5. Providing compatibility with legacy plug-in technologies would detract from, rather than improve, the consumer experience of browsing in the Metro style UI.
It's not all over for Flash on tablets or smartphones, with Flash running on Android and Blackberry machines. Flash can also run on iOS via AIR, it just can't run natively.
Announcing Flash Player 11 and AIR 3, Adobe let rip its standard ubiquity statistic of more than 98 per cent of internet-connected PCs supporting Flash, with some added numbers on the mobile front. Adobe expects that more than 200 million smartphones and tablets including iOS devices will support Flash-based applications via Adobe AIR. By the end of 2015, the number of devices that will support AIR is expected to increase to one billion.
As for the Microsoft question, Adobe reckons it will bring Flash to the Metro UI in the same way it landed on iOS, via the AIR runtime.
Jobs, it has to be said, cynically hyped HTML5 – a spec that is not even finished – and obfuscated what it really is. Jobs's anti-Flash thrust focused greatly on media and presentation; on the HTML5 video codec; the rendering afforded by CSS that is not a part of the core spec; and on using both HTML5 and CSS with Javascript – which comes from completely outside of the HTML family.
But history is written by the victors, and during the time Jobs blocked Flash he convinced Microsoft to dump its own proprietary plug that it built to challenge Flash, a plug-in called Silverlight, for HTML5. Also during this time, HTML5 has been continuing to evolve as a standard – even though it is still not finished – and it has become something even more people in the industry can claim to be aware of.
And while Adobe is talking tough on Windows 8, Flash will have to co-exist on Metro AIR along with Javascript and HTML, a fact that will compound the overall problem for Flash rather than make it go away or reverse its fortunes.
Flash might not be dead yet
Adobe does seem to have accepted that Flash is going to lose ground to HTML5. In a recent blog post, tools group product manager Andrew Shorten essentially called talk of Flash's death greatly exaggerated, but he also reckoned it was incumbent upon Adobe to focus on where Flex – the software development kit for building Flash-based apps – "provides unique value in the marketplace".
"There are countless examples where, in the past, Flex was (rightly) selected as the only way to deliver a great user experience. Today, many of those could be built using HTML5-related technologies and delivered via the browser," Shorten wrote here.
Where does this leave Adobe? It is not giving up. Shorten continued: "That doesn't mean, however, that HTML5 is the right choice for all use cases – the performance, framework maturity and robust tooling provided by Adobe are cited as critical factors by enterprise customers as to why they continue to select Flex."
Instead, we're seeing Adobe position Flash as something for gaming because of the fine level of detail you can get in graphics or because of the rendering speeds. Also, Adobe is punting something that is missing from HTML5: the ability for games' authors to do things like control where their games are published – meaning, ultimately, they will get paid. In other words: digital rights management (DRM).
In the meantime, Adobe is going to embrace HTML5 through its tools. Shorten said: "We will provide tooling to help designers and developers create those experiences – Edge and Muse are two such examples."
Flash 11 and AIR 3 couldn't have arrived at a period of greater uncertainty for Adobe. Thanks to Jobs, it is easy to forget that HTML5 isn't actually a product, it is a spec – and there are plenty of tooling and features missing that you would rely on tech vendors to deliver.
Also, HTML5 isn't just the video or associated graphics capabilities hyped by Jobs; the core spec remains bread-and-butter page markup while there are interesting new possibilities in areas such as offline data access.
For the future that Adobe might wish for Flash, we should perhaps look to Microsoft and Silverlight – once hailed as a plug-in usurper to Flash. Now Microsoft can't admit to having de-prioritised Silverlight and instead talks of its player being suited for use on a case-by-case basis.
Written By
Unknown
on
Monday, 15 August 2011
|
04:14
Adobe Systems today is expanding its efforts at putting Web design tools within reach of those who don't want to learn how to hand code.
The company is introducing a new application codenamed Muse. Built on its AIR platform, Muse lets users create and publish Web sites like they would make a site mock-up in the company's InDesign or Illustrator software. Adobe promises it will simplify the process for designers who would have previously had to hand off their designs to developers to do the coding necessary to turn that mock-up into an actual site.
Adobe says part of the reason to build such a tool stemmed from a study it did that found most Web design products require users to learn code, something that could be problematic for the more than half of designers surveyed who still did mainly print work.
"What we're seeing is that the tools that have been made available for designers to be able to create digital experiences require people to learn code. And most designers either don't want to, or they're not interested--or they've learned, and it's just not the way their brain works," said Jane Brady, the senior product marketing manager of Adobe's creative suite. "What they kept telling us is that they want to be able to create a Web site or other kinds of digital content as easily as if they're working in InDesign, Illustrator, or Photoshop."
The company's solution was to grab some former InDesign engineers and put them to work on a product that would do just that, with Muse being the result.
Adobe's Muse software aims to give designers a way to mock up site designs that are actual full-working Web sites.
The software (which Adobe says will get a new name when it's out of beta) lets users design a Web site using a familiar Adobe creative tool set, plugging in backgrounds, headers, footers, menus and Web widgets in a what you see is what you get (WYSIWYG) menus. Page assets like photos and image elements can then be worked on in the company's other design software including Photoshop. All the while, any code that's powering the site sits quietly behind the scenes. Designers can see how their work looks by loading it up in a built-in, Webkit-based browser, or sending it to open in a browser that's installed on their computer.
Muse is being offered up as a standalone app, and has not been designed to interact with Dreamweaver, the company's other Web design software product. It cannot, for instance, open up Dreamweaver files, or offer a way to make edits to Muse code within Dreamweaver.
"We're in an interesting world where our primary goal is to support that visual designer, but they don't live in a vacuum. There's so much going on around them, that we do need to make Muse extensible," said Danielle Beaumont, Muse's group product manager. "But a little bit like a PDF or a Postscript file, we feel like it's our job to generate fantastic code that loads very very quickly and is cutting edge, but we're not looking at generating code that a hand-coder would like to take forward and try to wrap it back into Muse."
Muse has, however, been set up to accept chunks of arbitrary HTML, and make use of Web widgets that can be embedded into pages, things like YouTube videos and Google Maps.
One thing you won't find in the initial release are templates, a mainstay of consumer-facing Web site builders, and even Adobe's own Dreamweaver site building software. "I'll be really honest--templates sometimes really insult visual designers," said Beaumont. "Examples of Web sites that [designers] might want to emulate? Sure that makes a lot of sense." What Beaumont said the company doesn't want is something where users plug in a different photo and consider their work done. Users, however, can import things like .png, .gif, animated .gif, and .flv files, along with content from the company's Edge product.
Building a builder
Like the reason for making the software in the first place, the ramp-up to actually build Muse centered on consumer research. Following its market research, Adobe's plan involved hosting workshops in San Francisco and Seattle to talk with designers about work flows and features. The company also tapped print-centric designers at a local San Francisco design academy, giving them early access to the software and seeking feedback on ways to improve it.
"Early on we realized that as we developed the product, we wanted input from the community. But the community we're working with isn't a Web community necessarily," Beaumont said. "These are visual designers, they're probably highly accomplished. They're not necessarily folks who play with beta software that hasn't been stabilized. They don't necessarily search the Web and go to pre-release sites and post comments in forums to figure out how to intuit a product that's being evolved."
That puts Adobe in a tight spot with the product's release since that's exactly what Muse will be during its beta phase. The company's answer to that is to offer as a free beta for the next six months in order to squash bugs and tighten up features, followed by a version 1.0 software in the first quarter of next year. Following the end of that beta period, Adobe's going to offer it as a subscription service that users pay $20 a month to use, or $15 a month if they buy a whole year at a time ($180). The company admits that the system may not be for everyone but notes that offering it as a subscription service comes with some benefits as a result.
"The way we recognize revenue, once you ship something, we can't add another feature until we add another version," Brady said. "We want to be able to add functionality, and from a product development standpoint, if we know everybody on the marketplace is on the same version, we don't need to worry about different versions--with a subscription they're always on the latest version." That's especially important given the rapid development of browsers and Web standards, Brady argued.
That strategy also continues the trend of Adobe offering its software as a subscription, something it took a big step in as part of an update to its Create Suite product line in April. One big difference in that case is that you can continue to purchase that software bundle up front. The big incentive Adobe's offering with both the subscription-based version of its Creative Suite and Muse is giving paying subscribers the most up to date version of those products.
Muse follows hot on the heels of Adobe's public preview of its Edge software. That tool lets people create animation effects for Web pages using a timeline approach, akin to a video editor, as opposed to having them hand-code everything. Like Muse, that product too is being offered up as a preview ahead of becoming a paid service next year.
Adobe has set up a website where interested parties can download the free beta, view a gallery of Muse-created websites, and access instructional tutorials. Some 40 websites designed with Muse have already been published by Adobe's pre-release community.
Muse requires a dual core Mac running OS X 10.6 or higher and Adobe AIR 2.7 or higher. The program is cross-platform. Complete system requirements are listed on Adobe's website.
Written By
Unknown
on
Monday, 1 August 2011
|
08:07
Adobehas released an early incarnation of its new un-Flash web design tool, Adobe Edge.
First revealed last October at the annual Adobe Max show in Los Angeles, Edge is a means of building web animations using standard technologies such as HTML5, CSS, and JavaScript. It's not a straight replacement for Flash – web standards aren't yet up to the task – but according to Adobe, it rivals the company's Flash Professional tool when fashioning animated web advertisements, widgets, and other similar "interactive" media.
"We see both of these technologies – Flash and HTML – coexisting, just as they always have done," Paul Gubbay, Adobe's vice president of engineering, design, and web, said. "With Flash, we're focused on the upper echelon of rich interactivity – gaming apps, rich media apps, including video, and data driven apps. But some of the things that were originally done with Flash we now see being done in HTML5 and JavaScript."
Adobe Edge in motion (click to enlarge)
Built atop the open source WebKit rendering engine, Edge is part of Adobe's ongoing effort to reposition itself in a world where Apple has banned Flash from its mobile devices and even Microsoft has put its weight behind the latest web standards. Over the past several months, Adobe has begun contributing to the WebKit project as well as the jQuery and jQuery mobile JavaScript libraries, and according to Gubbay, this is the sort of work that would have gone into the proprietary Flash platform in years past.
"What we've been doing for a long time is focusing on our runtime: Flash. And because the HTML5 ecosystem wasn't really moving, we weren't doing a lot there," Gubbay says. "But over the last couple of years, there's been a tidal wave of change [with HTML], and as a result, as we've been listening to customers, we've committed to doing more in the browser."
The company has also beefed up the HTML tools available with its Creative Suite, and now it is releasing an HTML animation tool to the public much earlier in the development process than it normally would. The Edge "public preview is available from the Adobe Labs site, and it's free of charge. Designers are encourages to provide feedback that may help shape future releases. The preview will be regularly updated."
With the tool, you can add animations to existing HTML documents or fashion animations from scratch. You can import standard web graphics, such as SVG, PNG, JPG and GIF files, and style them with CSS. The preview, Adobe says, will be regularly updated as it adds new tools... and it will remain free.
Written By
Unknown
on
Wednesday, 15 June 2011
|
06:56
Hackers exploiting bug, company confirms as it also updates Reader, ShockWave and ColdFusion
For the second time in nine days, Adobe on Tuesday patched a critical vulnerability in Flash Player that hackers were already exploiting.
Adobe also updated its popular Reader PDF viewer to quash 13 new bugs and several older ones the company had not gotten around to fixing.
The memory corruption vulnerability in Flash Player was pegged "critical" by Adobe, which said that the bug could "potentially allow an attacker to take control of the affected system" in an accompanying advisory. "There are reports that this vulnerability is being exploited in the wild in targeted attacks via malicious Web pages," the advisory added.
Adobe last issued an emergency update -- dubbed "out-of-band" -- on June 5, when it fixed a critical flaw that attackers were exploiting to steal Gmail login credentials.
Those attacks were different from the ones Google disclosed the week before, when it accused Chinese hackers of targeting specific individuals, including senior U.S. and South Korean government officials, anti-Chinese government activists and journalists, with messages that tried to trick them into entering their username and password on a fake Gmail login screen.
Google, which bundles Flash Player with Chrome, also updated its browser Tuesday to include the just-patched version of Flash.
Adobe has patched Flash Player four times in the last two months, and six times so far this year.
Although most Flash vulnerabilities can also be exploited using specially crafted PDF documents -- Adobe's Reader includes "authplay.dll," a custom version of Flash that renders content within PDFs -- Adobe said the newest Flash bug doesn't impact Reader.
Alongside the Flash security update, Adobe also fixed 13 new vulnerabilities in Reader. The newest version, Reader X, received at least 17 patches.
All but two of the 13 new bugs were pegged "critical" by Adobe, which like Apple doesn't rate flaws with a multi-label scoring system. Instead, it uses the phrase "could lead to remote code execution" to note that hackers may be able to hijack the system and plant malware on the machine by exploiting the bug.
The baker's dozen of new bugs included memory corruption vulnerabilities, buffer and heap overflow bugs, a cross-document scripting flaw, a DLL load hijacking vulnerability and one simply labeled a "security bypass" bug.
That last was a Reader X-only vulnerability that under certain circumstances lets an attacker force the Reader browser plug-in to download a non-PDF file, Adobe said in a reply to follow-up questions.
Adobe also applied at least four -- and perhaps several more -- patches to Reader X that it had declined to fix in three earlier out-of-band updates going back to March.
Although the company had patched older editions in those updates, it had not fixed Reader X, saying each time that because the program's "sandbox" prevented malware from affecting the computer, it would instead wait for Tuesday's already-scheduled quarterly update.
Reader X, which Adobe rolled out last November, includes anti-exploit sandbox technology designed to isolate the program from the rest of the system. Theoretically, the sandbox insures that malware which does launch inside Reader X can't escape to infect the PC or Mac.
According to Adobe, none of the Reader vulnerabilities patched Tuesday have been exploited in the wild.
At the same time it shipped the Flash Player and Reader security refreshes, Adobe also patched 24 vulnerabilities in Shockwave Player, two in LifeCycle Data Services and Blaze DS -- a live streaming service and data push service, respectively -- and two in ColdFusion, an Adobe development platform.
The patched versions of Reader and Flash Player can be downloaded from Adobe's Web site. Alternately, users can run the programs' integrated update tool or wait for the software to prompt them that a new version is available.
Adobe and VideoLAN have released security updates for some of their software programs today. Adobe released a new version of Adobe Flash Player which fixes a security vulnerability in the popular application. The security bulletin reveals that an important security vulnerability has been identified in Adobe Flash Player 10.3.181.16 and earlier on all supported operating systems including Flash on Android. The cross-site scripting vulnerability could be used to impersonate a user on a website such as that of a webmail provider or financial website. Adobe confirmed reports that the vulnerability is actively exploited by embedded malicious links in email messages.
The update is classified as important which is the second highest severity rating available.
Flash users can verify the installed version of the application by visiting Adobe’s Flash Player page. The system is vulnerable to the attacks if the Flash version is 10.3.181.16 or earlier.
Download links are provided on the security bulletin’s page. The latest version can be downloaded from the official Get Flash Player page as well. Direct Downloads are available as well.
Adobe is currently not aware of attacks that use the authplay.dll component that ships with Adobe Reader and Acrobat. While the company is not aware of attacks at this point in time, it has not completed the investigation if authplay.dll is vulnerable to the recently discovered Flash vulnerability.
In other news: The developers of the popular video player VLC have also released a new version of their application to protect users from recently discovered security issues.
The release notes list an integer overflow vulnerability in xspf demuxer as well as several updates and rewrites of features in the latest version of the media player.
VLC users are encouraged to download and install the latest version of the player right away to protect their system from possible exploits.
Downloads are as usually offered at the official Videolan website.
Curso Adobe After Effects (Photo credit: ceslava.com)
