Adobe Working Overtime to Squash Security Bug in Download Manager
Adobe last week released a security update for a critical vulnerability in Adobe Flash, but according to security researcher Aviv Raff, installing the update could be cause for concern.
"If you did upgrade to the latest version of Flash from the Adobe website, you very likely have Adobe Download Manager installed," Raff points out.
So what's the big deal? Raff says there's an undisclosed flaw in the way Adobe's Download Manager works, which makes it possible for an "attacker [to] force an automatic download and installation of any executable he desires." In other words, those who download the update end up exposing themselves to a zero-day attack, Raff claims.
Adobe is apparently aware of the issue and is reportedly working with Raff to patch it up. The software maker also downplayed the security risk, saying "the user has to accept a number of prompts before being taken through the installation process," which it says makes it hard for a user to install unwanted and malicious software without their knowledge.
Athlonite
February 24, 2010 at 7:41am
THIS "the user has to accept a number of prompts before being taken through the installation process, and therefore making it hard for a user to install unwanted and malicious software without their knowledge."
would probably be right should the would-be bad guy name it like .. "this will fry your PC.exe"... but if it were me I'd use a name like "Update Adobe Reader 9.exe" which then most people would automatically install
Play till it breaks then learn how to fix it!
Cache
February 22, 2010 at 4:54pm
So... Adobe will have a fix for this in Q3 of 2012? Given their average speed, I'd be shocked to see any fix come in before June.
Sebie Kay
February 22, 2010 at 9:04am
Why must the infection that is Adobe update manager continue to plague us? Why can't they simply allow a computer user to decide themselves when to update a program? This is beyond me, and now look what has happened...
-=Do unto others... THEN RUN!!=-
gmvolk
February 22, 2010 at 6:27am
to not use their download manager. Whenever it comes up, I always cancel installing the download manager and then proceed to download any updates manually. Why they try to force you into using a proprietary download manager is beyond me. Why do I need an extra bloatware program that can only download from Adobe?