LightBlog

Wednesday, January 27, 2021

PSA: If your PC runs Linux, you should update Sudo now

Despite the fact that tens of thousands of contributors actively pore over the source code of the Linux kernel and various Unix utilities looking for security flaws, it’s not unheard of for serious bugs to go unnoticed. Just a day ago, the folks over at Qualys revealed a new heap-based buffer overflow attack vector that targets the “Sudo” program to gain root access. This bug is quite serious, and it has existed within the codebase for almost 10 years! Although the privilege escalation vulnerability has already been patched, it could potentially be exploited on nearly every Linux distribution and several Unix-like operating systems.


Enter Baron Samedit

Formally cataloged as CVE-2021-3156, the vulnerability has been named Baron Samedit. The moniker seems to be a play on Baron Samedi and the sudoedit utility, since the latter is used in one of the exploit paths. By exploiting this vulnerability, any unprivileged local user can gain unfettered root privileges on the vulnerable host. In more technical terms, Sudo incorrectly unescapes backslashes in the arguments, which lets an attacker control the size of the “user_args” buffer (which is meant for sudoers matching and logging), overflow it, and obtain root privileges.

Why Baron Samedit is a critical vulnerability

The exploitable code can be traced back to July 2011, and it affects all legacy Sudo versions from 1.8.2 to 1.8.31p2 and all stable versions from 1.9.0 to 1.9.5p1 in their default configuration. The security vulnerability is said to be rather trivial to exploit: the local user does not need to be a privileged user or be part of the sudoers list. As a result, any device running even a fairly modern Linux distribution can potentially fall victim to this bug. In fact, the researchers from Qualys were able to obtain full root privileges on Ubuntu 20.04 (Sudo 1.8.31), Debian 10 (Sudo 1.8.27), and Fedora 33 (Sudo 1.9.2).

We at XDA generally welcome the ability for regular users to gain root access, but we do not celebrate the existence of root exploits such as this, especially one which is so widespread and potentially incredibly dangerous to end-users. The vulnerability has been fixed in sudo version 1.9.5p2, released yesterday at the same time Qualys publicly disclosed its findings. Our readers are requested to upgrade to sudo 1.9.5p2 or later as soon as possible.

How to check if you’re affected by Baron Samedit

To test whether your Linux environment is vulnerable, log in to the system as a non-root user and then run the following command:

sudoedit -s /

A vulnerable system should respond with an error that starts with sudoedit:. However, if the system is already patched, it will show an error that starts with usage:.
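
The check described above, combined with the affected version ranges quoted earlier, as an added shell example (not from the original article or from Qualys). The function names are hypothetical; the error prefixes and version bounds are the ones the article gives.

```shell
#!/bin/sh
# Added example: triage a host for CVE-2021-3156 from the article's two signals.
# Function names are hypothetical; version ranges are the ones quoted above.

# classify_sudoedit_output TEXT -> vulnerable | patched | unknown
# Keys on how the first line of the `sudoedit -s /` error starts.
classify_sudoedit_output() {
    first_line=$(printf '%s\n' "$1" | head -n 1)
    case "$first_line" in
        sudoedit:*) echo vulnerable ;;
        usage:*)    echo patched ;;
        *)          echo unknown ;;   # e.g. sudoedit is not installed
    esac
}

# version_key X.Y.Z[pN] -> integer that sorts in release order (fails on bad input).
version_key() {
    v=$1
    case "$v" in
        *p*) pl=${v##*p}; v=${v%p*} ;;   # split off the pN patch level
        *)   pl=0 ;;
    esac
    case "$v"  in ''|*[!0-9.]*) return 1 ;; esac
    case "$pl" in ''|*[!0-9]*)  return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $v; IFS=$old_ifs
    [ $# -eq 3 ] && [ -n "$1" ] && [ -n "$2" ] && [ -n "$3" ] || return 1
    echo $(( (($1 * 1000 + $2) * 1000 + $3) * 1000 + $pl ))
}

# in_affected_range VERSION -> affected | not-affected | unknown
in_affected_range() {
    k=$(version_key "$1") || { echo unknown; return 0; }
    if { [ "$k" -ge "$(version_key 1.8.2)" ] && [ "$k" -le "$(version_key 1.8.31p2)" ]; } ||
       { [ "$k" -ge "$(version_key 1.9.0)" ] && [ "$k" -le "$(version_key 1.9.5p1)" ]; }; then
        echo affected
    else
        echo not-affected
    fi
}

# Demo on the versions the article names, plus the fixed release.
for ver in 1.8.31 1.8.27 1.9.2 1.9.5p2; do
    echo "sudo $ver: $(in_affected_range "$ver")"
done

# On a real host, as a non-root user:
#   classify_sudoedit_output "$(sudoedit -s / 2>&1)"
#   in_affected_range "$(sudo --version | sed -n '1s/^Sudo version //p')"
```

A distribution can ship the fix without changing the upstream version number, so where the two signals disagree, the behavioural result from `sudoedit -s /` is the one to trust.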


Source: Qualys Blog
Via: Bleeping Computer

The post PSA: If your PC runs Linux, you should update Sudo now appeared first on xda-developers.



from xda-developers https://ift.tt/3omX8fT
via IFTTT

Samsung’s SoundAssistant app can reduce sound delay for Bluetooth headphones

Samsung recently updated its Good Lock suite of customization tools for devices running One UI 3 based on Android 11. Following the release, the company started updating existing Good Lock modules for One UI 3, starting with the Theme Park, Wonderland, and NavStar modules. Along with One UI 3 compatibility, the updates also brought a handful of new features to these modules. Now, Samsung has started rolling out an update for the SoundAssistant module, and it too brings some new features to the mix.

According to a recent post from Reddit user u/ID1453719, the SoundAssistant update (v. 3.6.06.0) brings a new Bluetooth Metronome feature that will let you sync audio and video when using a Bluetooth device. As you can see in the attached screenshot, the feature includes a slider that will let you easily sync the audio on a connected Bluetooth device and a toggle to enable syncing from the volume panel theme.

Samsung SoundAssistant Bluetooth Metronome feature

Along with the new Bluetooth Metronome feature, the SoundAssistant update brings the One UI 3-style volume panel theme, a new Media Banner mode to automatically mute media when the device is set to vibration or silent mode, and a custom vibration option to help users customize their device’s vibration patterns (One UI 3.1 only). It’s also worth noting that the update removes the following features from the module:

  • Floating button (replaced by new volume panel theme)
  • Scenario (replaced by Bixby routine or the schedule option of “Do not disturb”)
  • Selfie stick

In case you have a device running One UI 3.0 or above, you can download the latest SoundAssistant update from the Galaxy Store on your device. If you don’t see the update there, you can also download the latest APK from APKMirror by following this link. Do note that these new features will only work on devices running One UI 3.0 or later.

from xda-developers https://ift.tt/3chsP86

Samsung is reportedly supplying foldable displays to Chinese OEMs

Foldable displays are widely regarded as the next big thing in the world of smartphones. Devices like the Samsung Galaxy Z Fold 2, Huawei Mate Xs, and the Moto Razr have already showcased what’s possible with the foldable form factor and how it will shape the way we interact with our smartphones in the future. However, for foldable smartphones to become a mainstream reality, we will need more OEMs to come forth with their own take on this new form factor. Samsung Display is among the leading manufacturers of foldable displays, and as such, it will have a vital role in bringing the next batch of foldable phones to the market.

So far, Samsung Display has only provided its foldable panels to Samsung Electronics, which we have seen on the Galaxy Fold and Galaxy Z Flip series. But according to a new report from ETNews, Samsung, for the first time, will be supplying foldable panels to Chinese smartphone OEMs this year. The report states that the company aims to ship a total of 1 million foldable displays to Chinese players in 2021. It also quotes an industry insider, who claims that Samsung has been working closely with several Chinese smartphone makers for some time now, and we can expect some of these companies to release a smartphone with a Samsung foldable display later this year. In fact, Samsung began sending samples to various OEMs, including Huawei, two or three years ago. However, due to the US sanctions, the deal with Huawei never materialized.

It’s worth noting that Samsung isn’t the only foldable display manufacturer, and Chinese display vendors CSOT (owned by TCL) and BOE also make foldable panels. In fact, BOE’s foldable panel has already been featured on the Motorola Razr, Lenovo ThinkPad X1, and Huawei Mate X. But Samsung Display is definitely the best in the business right now, as is evident from the Galaxy Z Fold 2’s lead against the competition. It remains to be seen which Chinese OEM will be the first to hit the market with a Samsung foldable panel.

from xda-developers https://ift.tt/3ceo5jt

Xiaomi allegedly working on a new haptic feedback system that’s responsive to gestures

Towards the end of last year, Xiaomi announced a minor update for its latest Android skin. The update, dubbed MIUI 12.5, introduced a couple of new features, including new live wallpapers, new system sounds, MIUI+, an updated Notes app, a few privacy changes, and more. While Xiaomi talked about all of these features during the announcement, it now seems like the company skipped out on one cool new feature that’s allegedly included in the update.

According to a recent post on the Xiaomiui Telegram channel, Xiaomi is working on adding a new haptic feedback system in MIUI 12.5. The post claims that the haptic feedback system will provide realistic feedback to touch inputs, including several gestures. It also includes a demo and a bunch of screenshots, highlighting the capabilities of the new haptic feedback system.

Xiaomi MIUI 12.5 new haptic feedback system (4)

As you can see in the attached screenshots, the new “Natural touch” haptic feedback system will provide an additional dimension to everything you see and touch on your phone’s screen. The system will offer three different types of haptic feedback — Crisp, Base, and Pop — that will vary depending on the action you perform on your device.

The high frequency Crisp feedback will be triggered when you do things like copy text, increase/decrease volume, or tap-and-hold on an icon on the home screen. The low frequency Base feedback will be triggered when you perform any swipe gestures. And the elastic Pop feedback will be triggered when you open context menus. A fourth Realistic touch feedback will be triggered when you interact with notifications, unlock your device with the fingerprint scanner, or when you press the power button.

Xiaomi MIUI 12.5 new haptic feedback system demo

The settings page for the new haptic feedback system also includes a video demo (attached above), which will likely highlight the different kinds of vibration response that you may get from your device while performing different actions. Although Xiaomi hasn’t released any information about this feature so far, XDA Senior Member and frequent Xiaomi tipster kacskrz tells us that it is currently limited to Chinese MIUI 12.5 builds and it’s disabled in global releases. However, we don’t see any reason why this feature won’t eventually make its way over to global builds. As of now, we don’t know for sure if or when that may happen.

from xda-developers https://ift.tt/2Ylkesw

The One by Wacom drawing pad is now fully compatible with Chromebooks

When it comes to using a digital pen to draw or sketch on Chrome OS, your options are limited to a Chromebook with a touchscreen and a compatible stylus. However, popular pen tablet manufacturer Wacom now has a solution. The company has secured “Works With Chromebook” certification for its budget-friendly One by Wacom pen tablet, which means that it’s now fully compatible with most Chrome OS devices.

For the unaware, the One by Wacom is a basic pen-and-tablet combo that you can use to draw or take notes on your Chromebook. It includes a tablet measuring 8.3 inches x 5.7 inches with a lightweight pressure-sensitive stylus pen offering 2048 levels of sensitivity. While the pen is battery-free, the pad can be connected to a Chromebook using the USB Type-A cable. If your Chromebook only has a Type-C port, make sure you have a USB Type-C to Type-A converter.

The One by Wacom is compatible with Chromebooks running Chrome OS 87 and kernel version 4.4+. This essentially means over 60 Chromebook models can use this product right out of the box. In case you are unsure about the Chromebook that you own, head over to Google’s Chromium developer site and check for your model. If you do have a compatible model, you can simply plug and start using the device without the need for any special drivers.

one by wacom chromebook stylus pad product image

Wacom is targeting the education sector with its new product. “Digitalization has great benefits for the education sector. But it has proven to be challenging. As a pioneer of digital pen technology, Wacom is committed to providing teachers, students, and administrators with reliable, sustainable, and easy to use solutions. The new compatibility with Wacom pen tablets and displays will make creating, working, and teaching digitally as natural and intuitive as possible and offer users more possibilities to work with their Chromebook,” the company said in a press note (via About Chromebooks).

Wacom has also partnered with five educational software applications, including Collaboard, Explain Everything, Kami, Limnu, and Pear Deck, to provide compatible tools for collaboration and learning. Customers will also get 3 months of complimentary access to each of these services with a Wacom ID upon registering the product. The One by Wacom is available for purchase on the company’s website for $69.95, as well as from other retailers including Amazon at a more affordable price of $59.95.

from xda-developers https://ift.tt/2M0fEh7

Google Camera 8.1.200 rolls out for Pixel phones with a toggle to disable auto Night Sight

The Pixel 5 and Pixel 4 5G came with a revamped camera app in the form of the Google Camera 8.0. The updated app introduced several new features, including a reworked UI with new buttons, Night Sight for portrait mode, Cinematic pan, a quick zoom toggle, and more. This was followed by Google Camera 8.1 in November, which added a Storage Saver mode to help users store more photos, albeit at the cost of image and video quality.

Now, Google is rolling out the Google Camera 8.1.200 for Pixel phones. Although this update doesn’t introduce any major features or substantial UI changes, it does come with a useful quality-of-life change. The update shifts the Night Sight toggle from the bottom right-hand corner of the viewfinder to the “Flash” section of the in-viewfinder settings pop-up. More importantly, it also adjusts the behavior of the “flash off” option to also disable automatic Night Sight.

Auto Night Sight is a feature of the Google Camera app that works when you’re in the regular Photo or Portrait mode. In the current version, the Night Sight automatically kicks in under low-light conditions, and there’s no way to have the feature turned off by default.

As you can see in the screenshots below, there’s a toggle in the bottom right-hand corner to turn off Auto Night Sight, but this only applies for that current session – it defaults to on again the next time you open the Google Camera app. Not every low-light photo warrants the use of Night Sight mode, so the process of having to turn off the Auto Night Sight mode every time you open the camera app in low-light conditions seemed counter-intuitive and annoying.

However, with version 8.1.200, you can disable Auto Night Sight entirely by turning off the Flash, which has been combined with the toggle for Auto Night Sight.

Google Camera Auto Night Sight toggle Google Camera 8.1.200

Interested Google Pixel owners can sideload the Google Camera 8.1.200 APK from APKMirror or wait for the update to go live on the Google Play Store.

Thanks to XDA Member cstark27 for the tip and to Telegram user @aer0zer0 for the screenshots of version 8.1.200!

from xda-developers https://ift.tt/39mvnQn

Intel Iris Xe based desktop graphics cards are now official

During the launch of its 11th-gen Tiger Lake processors last year, Intel announced its new class of Iris Xe graphics for notebooks. Shortly after the announcement, Intel unveiled the Iris Xe MAX discrete GPU for thin and light laptops, which offered significant improvements over the Iris Xe-LP integrated GPU. The company has now unveiled the Intel Xe MAX discrete GPU for desktops to take things a step further.

According to Intel, the new cards feature three display outputs capable of 4K output, hardware video decode and encode acceleration, including AV1 decode support, Adaptive Sync, and Display HDR support. The GPUs also offer artificial intelligence capabilities thanks to DP4a deep-learning inference acceleration. The GPUs feature 80 execution units, which is fewer than the 96 EUs offered on the mobile integrated variant. However, there shouldn’t be a drop in performance, considering that it’s a desktop part, making it less constrained by power or heat. Additionally, the new GPU will also get the entire memory bandwidth along with a dedicated 4GB of VRAM.

Intel Iris Xe desktop GPU by other partners

The new Intel Xe MAX desktop GPU is aimed at small and medium-sized businesses and mainstream desktops. This means that the GPU may not be available directly to consumers. Intel plans to sell it directly to system integrators who would offer the GPU as part of pre-built systems. Intel has codesigned and partnered with two ecosystem partners, including ASUS, for the new desktop GPU. As of now, there are only two SKUs, a passively cooled unit by ASUS, which should be great for silent systems, and a dual-fan unit, which is allegedly made by Colorful, although Intel doesn’t explicitly mention the partner name.

For more information on the new Intel Iris Xe MAX for desktops, check out Intel’s official product page.

from xda-developers https://ift.tt/3cfbwED