Adobe has issued an out-of-band patch for a flaw in its Download Manager after being accused by a security researcher of "downplaying" the issue.
Adobe described the flaw as a "critical security issue" and said it "could potentially allow an attacker to download and install unauthorised software onto a user's system."
Earlier this week, researcher Aviv Raff said he had warned Adobe about the flaw, saying it could allow hackers to force their own software to be downloaded using the manager. Adobe responded that the issue wasn't serious.
"Instead of admitting that this design flaw is indeed a problem which can be abused by malicious attackers, Adobe decided to downplay this issue," Raff wrote in his blog at the time.
Days later, Adobe has fixed the problem, and thanked Raff and his fellow researcher Yorick Koster for flagging the issue.
Adobe advised anyone who has used the tool to download Reader or the Flash player for Windows before yesterday to make sure they don't have a compromised version hanging around on their computer.
The security bulletin advised users to check to see if they've been affected by the flaw by searching for the 'C:Program FilesNOS' folder and looking for 'getPlus(R) Helper' in services. If they are found, then simply delete them, Adobe said.
For new downloads, the hole has been patched and the tool is now safe to use.
-
What to look out for at RSAC Conference 2025Analysis Convincing attendees that AI can revolutionize security will be the first point of order at next week’s RSA Conference – but traditional threats will be a constant undercurrent
-
Ransomware attacks are rising — but quiet payouts could mean there's more than actually reportedNews Ransomware attacks continue to climb, but they may be even higher than official figures show as companies choose to quietly pay to make such incidents go away.
-
Vulnerability management complexity is leaving enterprises at serious riskNews Fragmented data and siloed processes mean remediation is taking too long
-
Beat cyber criminals at their own gameWhitepaper A guide to winning the vulnerability race and protection your organization
-
Same cyberthreat, different storyWhitepaper How security, risk, and technology asset management teams collaborate to easily manage vulnerabilities
-
Warning issued over “incomplete” fix for Adobe ColdFusion vulnerabilityNews An incomplete fix for a vulnerability disclosure could be placing users at risk, researchers warned
-
Three steps to transforming security operationsWhitepaper How to be more agile, effective, collaborative, and scalable
-
Should your business start a bug bounty program?In-depth Big tech firms including Google, Apple and Microsoft offer bug bounty programs, but can they benefit smaller businesses too?
-
Accessing the XDR realmWhitepaper A guide for MSPs to unleash modern security
-
Why zero trust strategies failIn-depth Zero Trust is the gold standard for organizations in protecting systems from cyber attacks, but there are many common implementation pitfalls businesses must avoid
