Researchers from IBM’s X-Fore Application Security team have discovered a new serialization vulnerability that affect more than 55% of Android phones. According to the researchers, the vulnerability could allow attacks to perform arbitrary code execution and gain access to a user’s device.
The vulnerability is nestled within the Android platform, and it affects Android Jelly Bean, KitKat, Lollipop and M Preview 1.
Microsoft releases Windows 10 IoT core
Microsoft has announced the public release of its Windows 10 IoT core for Raspberry Pi 2 and the MinnowBoard MAX. A preview of Windows 10 IoT Core was first announced at Microsoft’s Build conference. Today’s release comes with improved Node.js and Python support, improved GPIO performance, an analog-to-digital converter and pulse-width modulation support, and new Universal Windows Platform (UWP) APIs.
In addition, the IoT solution provides full support for standard UWP languages such as C#, JavaScript, C++ and Visual Basic.
“Our philosophy is that we want to make it easy for developers to use the languages and frameworks they prefer to build IoT device apps,” wrote Steve Teixeira, director of program management for IoT at Microsoft, in a post.
Opera up for sale
Browser maker Opera is looking for someone to buy up the company. The news comes after the company’s reported second-quarter revenue in which it failed to meet expectations. In a statement, the company said it is looking to sell “in response to strategic interest in the company from a number of parties.”
OpenSSH 7.0 released
Version 7.0 of the OpenSSH implementation of the SSH 2.0 security protocol has been released, including SFTP client and server support, along with new features, bug fixes and updates.
The main focus of the release is to deprecate weak, legacy and unsafe cryptography. OpenSSH will now refuse all RSA keys smaller than 1,024 bits, disable several ciphers and MD5-based HMAC algorithms, and fix weaknesses related to writable TTYs, PAM support privilege separations, and MaxAuthTries keyboard-interactive authentications.
New features include a PubkeyAcceptedKeyTypes option to control public key types, a HostKeyAlgorithms option to control host authentications, extended ciphers and algorithms beyond default, and a PermitRootLogin password feature. More details are available in the full release notes.
Canonical open-sources Ubuntu One file-syncing code
Canonical announced it is open-sourcing the largest piece thus far of its Ubuntu One file syncing code.
The server-side code is what desktop clients connect to when syncing local or remote changes. Canonical is releasing it under an AGPLv3 license and it is encouraging developers to fork the code into their own projects. The company released a FAQ associated with the newly open-source Ubuntu One code.