Adobe patches a critical flaw

SOFTWARE COBBLER Adobe has fixed a critical flaw in its Download Manager.

The firm said that the vulnerability could let attackers download and install unauthorised software onto a user system.

Adobe said that users should check to see if they are affected by looking to see if the C:\Program Files\NOS\ folder and its contents ("NOS files") are present on their system. If they are it recommends that they run the "services.msc" promp and make sure that "getPlus(R) Helper" is not in the list of services. If it is, they should remove it. Try talking your parents through doing that over the phone.

The issue applies to any instance of the software that was downloaded before today, but will not apply to any new versions, the firm added. Adobe added, "The Adobe Download Manager is designed to remove itself from the computer after use at the next computer restart. However, Adobe recommends users verify that a potentially vulnerable version of the Adobe Download Manager is no longer installed on their machine."

Adobe credits Aviv Raff for bringing the flaw to its attention, and for Raff it cannot have come soon enough.

In a blog post last week he said, "Recently, I found a design flaw on Adobe's website, which allows the abuse of the Adobe Download Manager to force the automatic installation of Adobe products, as well as other software products (e.g. Google Toolbar). Instead of admitting that this design flaw is indeed a problem which can be abused by malicious attackers, Adobe decided to downplay this issue."

Whether this will change Raff's mind about the firm remains to be seen. µ