Adobe fixes download manager flaw

Adobe has issued a fix for a flaw in its Download Manager, after the vulnerability was highlighted in a researcher's blog.

security key

Adobe has issued an out-of-band patch for a flaw in its Download Manager after being accused by a security researcher of "downplaying" the issue.

Adobe described the flaw as a "critical security issue" and said it "could potentially allow an attacker to download and install unauthorised software onto a user's system."

Earlier this week, researcher Aviv Raff said he had warned Adobe about the flaw, saying it could allow hackers to force their own software to be downloaded using the manager. Adobe responded that the issue wasn't serious.

"Instead of admitting that this design flaw is indeed a problem which can be abused by malicious attackers, Adobe decided to downplay this issue," Raff wrote in his blog at the time.

Days later, Adobe has fixed the problem, and thanked Raff and his fellow researcher Yorick Koster for flagging the issue.

Adobe advised anyone who has used the tool to download Reader or the Flash player for Windows before yesterday to make sure they don't have a compromised version hanging around on their computer.

The security bulletin advised users to check to see if they've been affected by the flaw by searching for the 'C:Program FilesNOS' folder and looking for 'getPlus(R) Helper' in services. If they are found, then simply delete them, Adobe said.

For new downloads, the hole has been patched and the tool is now safe to use.

Featured Resources

Four cyber security essentials that your board of directors wants to know

The insights to help you deliver what they need

Download now

Data: A resource much too valuable to leave unprotected

Protect your data to protect your company

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

Recommended

DeviceSHIELD combats rising cyber attacks and online fraud amid COVID-19
Security

DeviceSHIELD combats rising cyber attacks and online fraud amid COVID-19

24 Nov 2020
350,000 Spotify users hacked in credential stuffing attack
Security

350,000 Spotify users hacked in credential stuffing attack

24 Nov 2020
WAPDropper malware hooks you up to premium telecoms services
Security

WAPDropper malware hooks you up to premium telecoms services

24 Nov 2020
VMware sounds alarm over zero-day flaws in multiple products
Security

VMware sounds alarm over zero-day flaws in multiple products

24 Nov 2020

Most Popular

macOS Big Sur is bricking some older MacBooks
operating systems

macOS Big Sur is bricking some older MacBooks

16 Nov 2020
46 million Animal Jam accounts leaked after comms software breach
Security

46 million Animal Jam accounts leaked after comms software breach

13 Nov 2020
How computing has revolutionised Formula 1
Sponsored

How computing has revolutionised Formula 1

11 Nov 2020