Adobe last week released a security update for a critical vulnerability in Adobe Flash, but according to security researcher Aviv Raff, installing the update could be cause for concern .
"If you did upgrade to the latest version of Flash from the Adobe website, you very likely have Adobe Download Manager installed," Raff points out.
So what's the big deal? Raff says there's an undisclosed flaw in the way Adobe's Download Manager works, which makes it possible for an "attacker [to] force an automatic download and installation of any executable he desires." In other words, those who download the update end up exposing themselves to a zero-day attack, Raff claims.
Adobe is apparently aware of the issue and is reportedly working with Raff to patch it up. The software maker also downplayed the security risk , saying "the user has to accept a number of prompts before being taken through the installation process," and therefore making it hard for a user to install unwanted and malicious software without their knowledge.