News briefs for May 14, 2019.
A vulnerability in WhatsApp allows spyware to be installed from a single unanswered phone call. The Verge reports that the "spyware, developed by Israel's secretive NSO group, can be installed without trace and without the target answering the call, according to security researchers and confirmed by WhatsApp. Once installed, the spyware can turn on a phone's camera and mic, scan emails and messages, and collect the user's location data. WhatsApp is urging its 1.5 billion global users to update the app immediately to close the security hole."
Adobe warns Creative Cloud users with older apps. According to Engadget, "The software company has sent out emails to customers warning them of being "at risk of potential claims of infringement by third parties" if they continue using outdated versions of CC apps, including Photoshop and Lightroom. These emails even list the old applications installed on the subscribers' systems, and in some cases, they mention what the newest available versions are." Users are being told they are no longer licensed to use the apps and that they need to update to the latest authorized version.
Linux systems running distros with kernels older than 5.0.8 are vulnerable to remote code execution. From Bleeping Computer: "Potential attackers could exploit the security flaw found in Linux kernel's rds_tcp_kill_sock TCP/IP implementation in net/rds/tcp.c to trigger denial-of-service (DoS) states and to execute code remotely on vulnerable Linux machines. The attacks can be launched with the help of specially crafted TCP packets sent to vulnerable Linux boxes which can trigger use-after-free errors and enable the attackers to execute arbitrary code on the target system." The vulnerability is being tracked as CVE-2019-11815.
Schools in the Indian state of Kerala have chosen Linux as their OS, which will save them roughly $428 million. According to It's FOSS, Kerala is "the first 100% literate Indian state". IT classes have been mandatory since 2003, and the schools started adopting free and open-source software a few years later, with the plan of getting rid of proprietary software in the schools. "As a result, the state claimed to save around $50 million per year in licensing costs in 2015. Further expanding their open source mission, Kerala is going to put Linux with open source educational software on over 200,000 school computers."
MakeOpenStuff is launching a Crowd Supply campaign for HestiaPi Touch, "an open source, smart thermostat for controlling HVAC and water systems". Linux Gizmos writes that the thermostat "runs a Linux-based openHAB stack on an RPI Zero W along with relays, a 3.5-inch display, and temperature, humidity, and pressure sensors". The HestiaPi Touch will cost $95 (without a case) or $145 (with case), and it's expected to ship in October or November. Linux Gizmos notes that "The hackable device competes directly with the $249 Google Nest Learning Thermostat. Unlike the Nest devices, it does not require a cloud connection thereby ensuring privacy and offering full control to the user."