Hello, welcome to the Friday, June 10th, 2016 edition of the Sandrine and Storm Center's Stormcast.

My name is Johannes Ulrich.

And today I'm recording from Baltimore, Maryland.

Adobe's PDF reader, of course, is often in the news for vulnerabilities,

typically evolving around JavaScript, Flash, or other documents being included

in PDFs.

Now back in 2014, Google included a PDF reader in Chrome.

That particular PDF reader was based on code developed by Fox ID.

Sadly, they apparently didn't get it quite right either.

Since Google just released an update for Chrome that fixes a vulnerability that could lead

to remote code execution if someone views a malicious PDF document in Google Chrome.

The vulnerability was found by Cisco's Talos research team and then reported to Google.

In order to take advantage of the vulnerability, an attacker would have to include a JPEC 2000 file

in a PDF document. So that's actually a little bit harder to detect than the usual JavaScript

or similar exploits in PDF files, for which there are a couple of relatively decent generic signatures.

And let's stick with Google here for a moment and in this case about Google's depreciation of SSL version 3 and RC4 support across various Google services.

June 16th, so next week there is another deadline looming here.

As of June 16th, you will no longer be able to connect to Gmail's IMAP or pop service

with ZSL version 3 and RC4. So if you still have an old client that uses these protocols, time to upgrade,

or you will lose access to Gmail, at least via IMAP and pop. This is part of a larger effort

by Google to get rid of SL version 3 and RC4 across all of its services and has been announced before.

But given that the deadline for Gmail actually comes up next week, Google sent out this reminder.

...