Google Project Zero to Discover Ghostscript Vulnerability

Users of popular Linux distributers pre-installed apps are under the thread
23 August 2018   701

Researchers from Google Project Zero reported a vulnerbility in the Ghostscript - open-source interpreter for PostScript and PDF files. An attacker can gain access to applications and servers that work with meentioned software. There is no patch for the vulnerability, therefore, experts recommend turning off all crypters for .PS, .EPS, .PDF and .XPS by default in the policy.xml file.

Employee of the Google Division Tavis Ormandy said that the security hole exploits ways to bypass the isolated environment -dSAFER, through which cybercriminals can send a victim a file with malicious code. When a vulnerable version of Ghostscript opens such a file, the code contained in it will be executed, which will give an opportunity to take control over the management of applications and servers.

The vulnerability has already been confirmed by the developers of the interpreter - Artifex Software, and it does not have its own CVE-identifier yet.

Users of the ImageMagick, Evince and GIMP are at risk. These set of apps are included in many Linux distributions: RedHat, SUSE, Ubuntu, Fedora, FreeBSD, Debian, CentOS. Tavis Ormandi on Twitter to disable Ghostscript encoders for files with .PS, .EPS, .PDF and .XPS extensions in the policy.xml document:

Epic Game to Open Online Services for Developers

First, the company will release the C SDK, which includes online services and integration with the Unreal Engine and Unity
14 December 2018   18

In 2019, the company plans to launch a large set of free online services for all game developers and distribute them as part of the GDPR agreement. They can be used in conjunction with any game engines, platforms and online stores.

Previously, these gaming services were designed specifically for Fortnite. During the existence of the game, Epic Games has tested them on 200 million players and 7 platforms.

First, the company will release the C SDK, which includes online services and integration with the Unreal Engine and Unity. It will only have a basic set of features available, but over time, Epic Games plans to expand it with the following cross-platform elements:

  • data storage and saving games in the cloud;
  • friends list, authorization, profile and rights management;
  • in-game voice communication system;
  • accounting of achievements and trophies;
  • group players and matches.

Also for the PC / Mac platforms, the Overlay API will be released, providing a user interface for logging into the game, a list of friends and other functions.

In the future, the company plans to add more features to the services - for example, creating custom content and anti-cheat system.