Technology

Here's how you can still benefit from clean solar energy without the cost and hassle of installing panels on your roof.

Adobe’s Acrobat Reader, the go-to PDF reader for many of us, is vulnerable to a flow that allows threat actors to remotely run malicious code on the target device.

The vulnerability is described as a “user after free” flaw, and is tracked as CVE-2024-41896. A “use after free” flaw happens when a program tries to access data in a memory location that was previously freed. If a malicious actor manages to deploy malicious code in that freed piece of memory real estate, it could be executed on the device and, consequently, compromised.

It was discovered by cybersecurity researcher Haifei Li, who created a sandbox platform called EXPMON, designed to detect advanced zero-day exploits. After multiple files were submitted to the platform, the flaw was discovered, and with it the fact that it is being actively exploited in the wild. The silver lining here is that the weaponized .PDF files were not deploying any malware, but were simply crashing targeted endpoints, which could also mean that the PoC is still in its infancy or experimental stage.

A fix is out there

However, now that the news is out, it is also safe to assume that different threat actors will start looking for unpatched Adobe Acrobat Reader variants to use. Therefore, it is pivotal that IT admins apply the fix as soon as possible.

While we don’t know who is using it, or against whom, we do know that it all begins with a weaponized .PDF document, so it’s safe to assume that the attack starts with a phishing email. PDF files are often used as invoices, purchase orders, and similar.

Adobe released a patch last month, which did not properly address the problem - but the bug was ultimately fixed earlier this week, and was given a new tracking number - CVE-2024-41869.

Via BleepingComputer

More from TechRadar Pro

• Adobe Acrobat Reader has a serious security flaw, so update now
• Here's a list of the best firewalls around today
• These are the best endpoint security tools right now

Deck out your house for Halloween with glowing skeletons and creepy digital decorations that will bring fright and delight to trick-or-treaters.

The easiest option is to roll it over into a new CD. But that may not be the best choice for your money.

Not sure which memory all-foam mattress might be best for you? Here's what you need to know about this version of the DreamCloud Premier, based on our team's expertise.

If a router reset isn't fixing the issue, updating its firmware can repair some common bugs.

Experience a dazzling underwater world through these breathtaking images from the 2024 Ocean Photographer of the Year competition.

No one likes a price hike, but Starlink’s Roam Unlimited plan justifies it. Here are the details.

The iPhone 16 and iPhone 16 Pro feature a new Camera Control button that makes the process of taking photos and videos more like using a traditional camera -- including hooks for Apple Intelligence features.

Would you like to be under the sea? Swim through the best images from the 2024 Ocean Photographer of the Year competition.

With Wi-Fi 7 support on the new iPhone 16, you might want to upgrade your router along with your phone.

Kinds of Kindness, Immaculate, and Little Women are just a few of the movies you need to watch on Hulu right now.

A cybersecurity researcher recently stumbled upon an Internet vulnerability allowing him to track people’s email, run code on servers, and even counterfeit HTTPS certificates - in fact, it gave him so many options, it has been described as having “superpowers”.

The vulnerability is quite a simple one in nature - an expired domain, still being pinged by numerous servers. The domain in question is dotmobiregistry.net - which used to host the WHOIS server for .mobi.

A WHOIS server provides information about the registration details of domain names and IP addresses. It is part of the WHOIS protocol, used to query databases that store the ownership and registration information of domain names and network resources on the internet. On the other hand, .mobi was a top-level domain (TLD) specifically designed for websites intended to be accessed via mobile devices. It was launched in 2006, and designed to ensure that websites hosted under this domain are optimized for mobile viewing.

Moving the WHOIS server

At some point, and no one seems to know when or why, the WHOIS server was moved from whois.dotmobiregistry.net, to whois.nic.mobi. When the CEO and founder of security firm watchTowr, Benjamin Harris, discovered this, he purchased the domain and used it to set up an alternate .mobi WHOIS server.

Over the next couple of days, Harris’ doppelganger received millions of queries from hundreds of thousands of systems, including domain registrars, governments, universities, and others.

This allowed him, for example, to dictate who gets TLS certificates.

“Now that we have the ability to issue a TLS/SSL cert for a .mobi domain, we can, in theory, do all sorts of horrible things—ranging from intercepting traffic to impersonating the target server,” Harris said in a technical write-up. “It’s game over for all sorts of threat models at this point. While we are sure some may say we didn’t ‘prove’ we could obtain the certificate, we feel this would’ve been a step too far—so whatever.”

Via Ars Technica

More from TechRadar Pro

• US Authorities Issue RansomHub Ransomware Alert
• Here's a list of the best firewalls around today
• These are the best endpoint security tools right now

The Department of Homeland Security says that people may not have their Real IDs ready by the current deadline.

Google TV is continuing to go hard on free, ad-supported channels (otherwise known as FAST channels) in the US – and it's just added several more to its home screen to take it past a significant milestone.

As spotted by 9to5Google, Google TV has added an extra 14 channels to its lineup (below), taking its total to 150 channels. As you can see from the list, there isn't anything quite on the level of BBC Earth, but if you like Billiards or true crime, there could be some comforting time-sinks in there for you.

This ramping up of free channels comes as we head rapidly towards the launch of the Google TV Streamer box, which will go on sale on September 24 for $99 / £99 / AU$159. When that box launches, the free channels will apparently be listed under a new Google TV Freeplay heading.

The new channels follow the addition of 10 new ones at the end of August, which included CBC News, FilmRise Horror, and Rig TV, which is themed around "showcasing the toughest jobs on earth." Here's the full list of new channels being added to Google TV's home screen in the latest push:

• Billiard TV
• Buzzr
• The Rifleman
• Xumo Free Nature & Wildlife TV
• The Conners
• World’s Most Evil Killer
• Untold Stories of the ER
• Xumo Free Bollywood & Indian Cinema
• Ghost Hunters Channel
• Highway to Heaven
• Unspeakable
• Cook’s Country Channel
• Ebony TV by Lionsgate
• FilmRise: The Dick Van Dyke Show

Unfortunately, there's still no news on when Google TV's free channels will be coming to the Live tab outside of the US. Hopefully, we'll hear more about that when the Google TV Streamer lands in a couple of weeks.

If you do live in the US, you can find the channels by heading to the Live tab on the main Google TV interface on your smart TV or Chromecast with Google TV. For a full list of Google TV channels, head to Google's official list. 

The FAST race 

(Image credit: Google)

Google isn't the only tech giant embracing free, ad-supported TV – the best free streaming services now include The Roku Channel, Amazon Freevee, and Samsung TV Plus, which runs on Samsung TVs.

We've also recently seen Sony One, a collection of 54 FAST channels, land on Samsung TVs, LG TVs, and TiVo Plus. In the UK, a new free, live TV service called Freely launched in April to bring together the country's major live TV channels in one place.

But there's no doubt that Google TV is a significant player in the space, particularly with the Google TV Streamer launching soon. Naturally, Google has a new ad network called the Google TV Network, which is rolling out across its TV platform and onto the many devices that support it, including Sony, Hisense, and TCL TVs.

Fortunately, despite the imminent arrival of the Google TV Streamer, Google has said it will continue to update its Chromecast with Google TV dongles. A recent one rolled out a couple of days ago, and a bigger update with Android 14 and Matter support is due later this year. 

You might also like…

• Netflix could be planning a completely free ad-supported service but there’s a catch
• 5 free movies on Tubi with 90% or higher on Rotten Tomatoes
• Google TV Streamer: release date, price and everything you need to know

Get ready to laugh and cry all over again.

SK Hynix, the world’s second-largest memory maker (behind fellow South Korean chip giant Samsung), recently turned down a 500 billion won ($374 million) advance payment from an unnamed AI accelerator company to secure a dedicated high-bandwidth memory (HBM) production line.

Instead, according to The Korea Economic Daily, SK Hynix has committed to supplying over 1 trillion won ($749 billion) worth of HBM products to Nvidia, the leader in AI chip development.

HBM, a critical component in AI accelerators and high-performance computing, has become a hot commodity as demand for AI chips continues to surge. Nvidia’s AI chips, which are crucial in data centers and AI applications, heavily rely on HBM, making memory suppliers like SK Hynix key players in the supply chain.

AI and data center growth

Samsung and SK Hynix, the two largest DRAM producers globally, are both expanding their HBM production capabilities. Samsung is currently building a new production line for DRAM and HBM at its Pyeongtaek facility, which will supply AI accelerator chips for companies like AMD. Meanwhile, SK Hynix recently teamed up with TSMC to advance HBM development.

SK Hynix's decision to reject the offer from Nvidia's competitor underscores its strong commitment to Nvidia, which continues to dominate the AI chip market. The global DRAM market, which includes HBM, is expected to double to $175 billion this year, driven largely by the growth of AI and data center technologies.

Both Samsung and SK Hynix are set to benefit from this boom, with increasing investments in DRAM production. Samsung’s capital expenditure for DRAM is expected to rise by 9.2 percent in 2024, reaching $9.5 billion, while SK Hynix is tripling its DRAM spending to $7.1 billion this year.

As AI continues to grow, memory chipmakers like SK Hynix and Samsung are ramping up HBM production to meet the increasing demand from tech giants like Nvidia. HBM prices, currently five to six times higher than standard DRAM products, are expected to further boost profitability for both companies as they continue to benefit from the skyrocketing AI market.

More from TechRadar Pro

• SK Hynix and Kioxia could build lucrative HBM chips for Nvidia and AMD
• SK Hynix teams up with TSMC to advance HBM development
• A glimpse at what the future of memory and storage could look like

Do you have money in a CD? Here’s why you should check on it before Sept. 17.

Teenagers can be scary and impossible to shop for. These adolescent-approved gifts can help.

Nimble makes accessories that are designed to help the planet, and now you can save 20% off its wares.