Adobe has issued an out-of-band patch for a flaw in its Download Manager after being accused by a security researcher of "downplaying" the issue.
Adobe described the flaw as a "critical security issue" and said it "could potentially allow an attacker to download and install unauthorised software onto a user's system."
Earlier this week, researcher Aviv Raff said he had warned Adobe about the flaw, saying it could allow hackers to force their own software to be downloaded using the manager. Adobe responded that the issue wasn't serious.
"Instead of admitting that this design flaw is indeed a problem which can be abused by malicious attackers, Adobe decided to downplay this issue," Raff wrote in his blog at the time.
Days later, Adobe has fixed the problem, and thanked Raff and his fellow researcher Yorick Koster for flagging the issue.
Adobe advised anyone who has used the tool to download Reader or the Flash player for Windows before yesterday to make sure they don't have a compromised version hanging around on their computer.
The security bulletin advised users to check to see if they've been affected by the flaw by searching for the 'C:Program FilesNOS' folder and looking for 'getPlus(R) Helper' in services. If they are found, then simply delete them, Adobe said.
For new downloads, the hole has been patched and the tool is now safe to use.
-
Bigger salaries, more burnout: Is the CISO role in crisis?In-depth CISOs are more stressed than ever before – but why is this and what can be done?
-
Cheap cyber crime kits can be bought on the dark web for less than $25News Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
Vulnerability management complexity is leaving enterprises at serious riskNews Fragmented data and siloed processes mean remediation is taking too long
-
Beat cyber criminals at their own gameWhitepaper A guide to winning the vulnerability race and protection your organization
-
Same cyberthreat, different storyWhitepaper How security, risk, and technology asset management teams collaborate to easily manage vulnerabilities
-
Warning issued over “incomplete” fix for Adobe ColdFusion vulnerabilityNews An incomplete fix for a vulnerability disclosure could be placing users at risk, researchers warned
-
Three steps to transforming security operationsWhitepaper How to be more agile, effective, collaborative, and scalable
-
Should your business start a bug bounty program?In-depth Big tech firms including Google, Apple and Microsoft offer bug bounty programs, but can they benefit smaller businesses too?
-
Accessing the XDR realmWhitepaper A guide for MSPs to unleash modern security
-
Why zero trust strategies failIn-depth Zero Trust is the gold standard for organizations in protecting systems from cyber attacks, but there are many common implementation pitfalls businesses must avoid
