Adobe last week released a security update for a critical vulnerability in Adobe Flash, but according to security researcher Aviv Raff, installing the update could be cause for concern.
“If you did upgrade to the latest version of Flash from the Adobe website, you very likely have Adobe Download Manager installed,” Raff points out.
So what’s the big deal? Raff says there’s an undisclosed flaw in the way Adobe’s Download Manager works, which makes it possible for an “attacker [to] force an automatic download and installation of any executable he desires.” In other words, those who download the update end up exposing themselves to a zero-day attack, Raff claims.
Adobe is apparently aware of the issue and is reportedly working with Raff to patch it up. The software maker also downplayed the security risk, saying “the user has to accept a number of prompts before being taken through the installation process,” and that this makes it hard for a user to install unwanted and malicious software without their knowledge.
via: Adobe Working Overtime to Squash Security Bug in Download Manager



