Reason for all this was bad coding which didn’t incorporate a leap year. Since 2008 was of this kind, the software couldn’t handle an extra day after number 365. Numerous blogposts have been appearing on this topic. One of the possible workarounds first suggested was to hard-reset the player, wiping the updated firmware altogether. This however required getting the battery out, which in turn voided the warranty.

Meanwhile Microsoft has acknowledged the problem an posted their own workaround, being to let the Zune power down completely and only to charge/power on again in the afternoon on the 1st of January (GMT time). The fact stays however that this is a major fuck-up on their part. Things like this should have been tested, and one can only wonder how this ever got passed their QC-department. The proposed workaround doesn’t actually solve the issue, and next leap year this will happen again. Let’s hope Microsoft releases better firmware before that time!

(yes I know… I’m late )

The hole is exploited through the use of a specially constructed pdf-file using javascript. When successful, the attack could make it so that the attacker can execute code with the user credentials of the person opening the malafied pdf.

Adobe has already issued a security patch for version 8.1.2 which resolves the problem. Alternatively, users can also disable the use of javascript in pdfs in the Preferences menu.

Originally, the exploit was discovered in one of Adobe Reader’s alternatives, called Foxit Reader. By using a similar crafted pdf-file, the same kind of attack could be executed. At first it was assumed that only this Foxit Reader was affected, since the way the javascript was constructed didn’t pose a problem in Acrobat Reader.

However when security analysts examined the code in more detail, they found that also Adobe’s version was being affected. It is true that the bug is not being caused by exactly the same code, but nevertheless this hole was exploitable here as well.