Adobe fixes download manager flaw
Adobe has issued a fix for a flaw in its Download Manager, after the vulnerability was highlighted in a researcher's blog.
Adobe has issued an out-of-band patch for a flaw in its Download Manager after being accused by a security researcher of "downplaying" the issue.
Adobe described the flaw as a "critical security issue" and said it "could potentially allow an attacker to download and install unauthorised software onto a user's system."
Earlier this week, researcher Aviv Raff said he had warned Adobe about the flaw, saying it could allow hackers to force their own software to be downloaded using the manager. Adobe responded that the issue wasn't serious.
"Instead of admitting that this design flaw is indeed a problem which can be abused by malicious attackers, Adobe decided to downplay this issue," Raff wrote in his blog at the time.
Days later, Adobe has fixed the problem, and thanked Raff and his fellow researcher Yorick Koster for flagging the issue.
Adobe advised anyone who has used the tool to download Reader or the Flash player for Windows before yesterday to make sure they don't have a compromised version hanging around on their computer.
The security bulletin advised users to check to see if they've been affected by the flaw by searching for the 'C:Program FilesNOS' folder and looking for 'getPlus(R) Helper' in services. If they are found, then simply delete them, Adobe said.
For new downloads, the hole has been patched and the tool is now safe to use.
Four cyber security essentials that your board of directors wants to know
The insights to help you deliver what they needDownload now
Data: A resource much too valuable to leave unprotected
Protect your data to protect your companyDownload now
Improving cyber security for remote working
13 recommendations for security from any locationDownload now
Why CEOS should care about the move to SAP S/4HANA
And how they can accelerate business valueDownload now