Back in 2015 when Star Wars: The First Awakens released, the movie served as a huge boost to Oscar Isaac’s profile. Though he’d been in plenty of films before then, playing Poe Dameron put him on everyone’s radar, to the point where he’s become a Marvel superhero and him coming to Comic-Con is considered a Big Deal.
Starting this upcoming school year, 2022-2023, all public school students in the state can get free lunch and breakfast thanks to the Universal Meals Program.
Apple makes it easy for its users to watch movies and TV shows together even if they’re far apart, and the process is as simple as a FaceTime call.
Zoom’s automatic update option can help users ensure that they have the latest, safest version of the video conferencing software, which has had multiple privacy and security issues over the years. A Mac security researcher, however, has reported vulnerabilities he found in the tool that attackers could have exploited to gain full control of a victim’s computer at this year’s DefCon. According to Wired, Patrick Wardle presented two vulnerabilities during the conference. He found the first one in the app’s signature check, which certifies the integrity of the update being installed and examines it to make sure that it’s a new version of Zoom. In other words, it’s in charge of blocking attackers from tricking the automatic update installer into downloading an older and more vulnerable version of the app.
Wardle discovered that attackers could bypass the signature check by naming their malware file a certain way. And once they’re in, they could get root access and control the victim’s Mac. The Verge says Wardle disclosed the bug to Zoom back in December 2021, but the fix it rolled out contained another bug. This second vulnerability could have given attackers a way to circumvent the safeguard Zoom set in place to make sure an update delivers the latest version of the app. Wardle reportedly found that it’s possible to trick a tool that facilitates Zoom’s update distribution into accepting an older version of the video conferencing software.
Zoom already fixed that flaw, as well, but Wardle found yet another vulnerability, which he has also presented at the conference. He discovered that there’s a point in time between the auto-installer’s verification of a software package and the actual installation process that allows an attacker to inject malicious code into the update. A downloaded package meant for installation can apparently retain its original read-write permissions allowing any user to modify it. That means even users without root access could swap its contents with malicious code and gain control of the target computer.
The company told The Verge that it’s now working on a patch for the new vulnerability Wardle has disclosed. As Wired notes, though, attackers need to have existing access to a user’s device to be able to exploit these flaws. Even if there’s no immediate danger for most people, Zoom advises users to “keep up to date with the latest version” of the app whenever one comes out.
William H. “Marty” Martin was a leading authority on timber rattlers, a species he had been studying since discovering a previously unknown population as a child.
If your Android phone’s screen has started flashing or flickering, don’t panic! It’s probably a software bug, and those are pretty easy to fix.
Cat Zhang, Pitchfork
Whether it’s “the vivid detailing in each song,” her “openness to new media and technology” or projects like her Mi.Mu Gloves, Imogen Heap’s work has inspired the likes of A$AP Rocky, Taylor Swift and Kacey Musgraves. “Heap’s music sounds like it could be released today, and not simply because the 2000s are trendy again,” Zhang writes.
Charlie Warzel, The Atlantic
Warzel’s Galaxy Brain newsletter makes the cut in our weekly roundup a lot because his writing on technology and related topics is consistently on point. This week, he spoke to an ex-Infowars staffer about the Alex Jones trial, including what that work experience was like and what we can do to hold Jones accountable.
Paris Marx, Time
“Musk has become the figure everyone was looking for: a powerful man who sold the fantasy that faith in the combined power of technology and the market could change the world without needing a role for the government,” Marx writes. “But that collective admiration has only served to bolster an unaccountable and increasingly hostile billionaire. The holes in those future visions, and the dangers of applauding billionaire visionaries, have only become harder to ignore.”
A trifecta of Doctors are assembling to celebrate 60 years of Doctor Who. With Ncuti Gatwa (Sex Education) next in line and set to start filming this November, The Hollywood Reporter has learned the transition to the next era of the show may play out a little differently.
The government agency “assumed exclusive legal and physical custody” of Obama’s presidential records when he left office, unlike in Trump’s case.
If you’ve been on the lookout for a robot vacuum to help you clean your home, a new sale at Wellbots gives you the chance to pick up some of iRobot’s most advanced devices for less. The Roomba j7 and j7+ robo-vacs are both $200 off when you use the code ENGADGET200 at checkout, bringing them down to $399 and $599, respectively. If you want to go all-out, you can also get $200 off the Roomba s9+ using the same code and get it for $799.
Buy Roomba j7 at Wellbots – $399Buy Roomba j7+ at Wellbots – $599Buy Roomba s9+ at Wellbots – $799
Both the j7 series and the s9+ earned spots in our best robot vacuums guide. The j7 models are better for most people because they’re cheaper and still have a ton of advanced features. iRobot came out with these models about one year ago and billed them as their first pet poop-detecting robo-vacs. AI-driven computer vision helps these machines navigate around obstacles more efficiently, which means they should be able to avoid any accidents your pets have on your floors. Plus, if they don’t avoid the mess, iRobot promises it’ll send you a new vacuum to replace your soiled one.
In use, the Roomba j7 cleans both carpeted and hard floors well and it navigates back to its charging base before it runs out of battery. If you go for the j7+, you’ll get a clean base as well, which is essentially a garbage can attached to the charging dock into which the robot empties its bin after each job. If you really don’t like vacuuming and want to interact with your machine as little as possible, the clean base will come in handy since it can hold up to 60 days worth of debris.
As for the Roomba s9+, it’s probably overkill for most people — but it’s one of the best robot vacuums available today. It has a sleek design and, since it has 40x the suction power of a standard Roomba, it cleans floors really well and does a good job picking up pet hair. It also returns to its clean base after each job and it’ll empty its dustbin automatically. Both it and the j7 series can connect to iRobot’s mobile app, allowing you to start cleaning jobs remotely and set schedules and check in on the machine if it gets stuck anywhere in your home. iRobot’s app is another major selling point for these devices — it’s pretty straight-forward and easy to use, so if it’s your first time using a robot vacuum, it won’t be too hard to set it up and customize it to your liking.
Follow @EngadgetDeals on Twitter and subscribe to the Engadget Deals newsletter for the latest tech deals and buying advice.
This is site is run by Sascha Endlicher, M.A., during ungodly late night hours. Wanna know more about him? Connect via Social Media by jumping to about.me/sascha.endlicher.
