Adobe plugs critical hole in Download Manager

[DKT27]

Adobe issued a fix on Tuesday for a critical vulnerability in its Download Manager program that could be used by an attacker to download malware onto a user's PC.

People who downloaded Adobe Reader for Windows from Adobe's Reader download site or Flash Player for Windows from Adobe's Flash Player site prior to the release of the security bulletin on Tuesday are vulnerable, the company said. The issue is resolved for any new downloads of Reader and Flash Player from those sites.

Download Manager is a tool that helps users efficiently download files from Web servers. It is used one time per session and is deleted when the computer is restarted. However, Adobe recommends users verify that a potentially vulnerable version of the Adobe Download Manager is no longer installed on their machine by following instructions contained in the Solution section of the security bulletin.

Adobe warned of the vulnerability in a blog post on Thursday.

The company credited Israeli security researcher Aviv Raff, and Dutch researcher Yorick Koster working through the iDefense Vulnerability Contributor Program, for reporting the issue. Raff accused Adobe of downplaying the issue in a post on his blog on Thursday.

Source - CNET

Go here if you downloaded anyone of the above two before 23Feb.