Members
  • Total Members: 12816
  • Latest: t114563
Stats
  • Total Posts: 28524
  • Total Topics: 8240
  • Online Today: 922
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)












Author Topic: Adobe Working to Fix Security Bug in Download Manager  (Read 1356 times)

0 Members and 1 Guest are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Adobe Working to Fix Security Bug in Download Manager
« on: 19. February 2010., 16:25:32 »


Adobe Systems is working to fix a glitch in software it uses to speed up downloads of its products that could give hackers a way to push malicious programs onto a victim's PC.

According to security researcher Aviv Raff, Download Manager -- a small program Adobe users to speed up the initial installation of its products -- can be misused to force victims to install unwanted software on their computers: http://aviv.raffon.net/2010/02/15/MayTheForceBeWithYou.aspx

Because of an undisclosed flaw in the way Download Manager works, the "attacker can force an automatic download and installation of any executable he desires," Raff wrote in a blog post. "So, if you go to Adobe's Web site to install a security update for Flash, you really expose yourself to a zero-day attack.": http://aviv.raffon.net/2010/02/18/SkeletonsInAdobesSecurityCloset.aspx

Adobe said Thursday that it was working with Raff and the third-party developer of the Download Manager product to fix the issue. Download Manager includes an executable program and an ActiveX control or Firefox extension file, depending on which browser is used.

However, it would be hard for a user to install unwanted software without realizing it, because "the user has to accept a number of prompts before being taken through the installation process," said Wiebke Lips, an Adobe spokeswoman, in an e-mailed statement.

The Download Manager is different from Adobe's Update Manger, which is used to patch Adobe software. Download Manager only runs on the computer when software is downloaded, and it removes itself on the next restart. So Raff's attack would only work before that restart removed the Download Manager software.

Still, he believes it is a serious security risk. "This is the kind of scenario that's common when skilled, motivated attackers are going after select targets," Raff wrote on his blog.

(PCW)

Samker's Computer Forum - SCforum.info

Adobe Working to Fix Security Bug in Download Manager
« on: 19. February 2010., 16:25:32 »




 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising